ConfigMgr Product Team Explains KB2840628 Issues and Workarounds

By Nash Pherson  -

The ConfigMgr Product Team posted more details late last night relating to KB2840628 problems first reported by Brian Mason.  This security update for .NET Framework 4 causes issues in ConfigMgr environments that are running with SQL Server 2012.  The update applies to Windows Server 2003/2008/2008 R2, but does not apply to Windows Server 2012. There will be a revised update in the near future which addresses the problems, but their blog post enumerates the problems and easy workarounds.

Issues Reported with MS13-052 (KB2840628) and Configuration Manager (Issues and Workarounds)

http://blogs.technet.com/b/configmgrteam/archive/2013/07/17/issues-reported-with-ms13-052-kb2840628-and-configmgr.aspx

For the 3 known issues related to KB2840628 and ConfigMgr, the product team lists very simple workarounds.  While product team states that temporarily uninstalling the security update will fix the issues, they recommend you implement the workarounds instead of uninstalling until the revised update gets released.  The vulnerability addressed by this security update allows privilege escalation when a client views a specially crafted webpage by using a XAML Browser Application.

For more about the vulnerability, see the security bulletin:

https://technet.microsoft.com/en-us/security/bulletin/MS13-052

 

I hope that helps,

 

Nash

email

Written by , Posted .