Altered for clarity: More ConfigMgr versions affected by Elevation vulnerability

The original Microsoft Security Bulletin, MS12-062, pertaining to a patch for Configuration Manager (and SMS) environments was a tad bit confusing.  So much so, that since the release of the bulletin there’s been a large uproar in the community trying to understand which version of ConfigMgr were actually affected.  The original bulletin was poorly worded, causing a maelstrom of back and forth discussions – both online and offline.

Overnight, the bulletin has been altered to better reflect the situation.  Yay, community!

From the Revisions section:

  • V1.0 (September 11, 2012): Bulletin published.
  • V1.1 (September 12, 2012): Removed Microsoft System Center Configuration Manager 2007 R2 and Microsoft System Center Configuration Manager 2007 R3 from the Non-Affected Software table and added a bulletin FAQ that addresses the issue. Also added a bulletin FAQ to address the server roles that require this update. These are bulletin changes only. There were no changes to detection logic or security update files.

In fact, when you look now, you’ll see a much simpler notation on affected versions.  The ONLY version of ConfigMgr not affected is ConfigMgr 2012.

Affected/Not Affected

You should also note that this update will NOT be detected through WSUS.  You MUST use the download links provided in the bulletin and deploy this like any other software package.  The requirements and switches are also included on the bulletin page.

Updated Bulletin page:  Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)



Written by , Posted .

Leave a Comment

You must be logged in to post a comment.