Share This Post

Altered for clarity: More ConfigMgr versions affected by Elevation vulnerability

The original Microsoft Security Bulletin, MS12-062, pertaining to a patch for Configuration Manager (and SMS) environments was a tad bit confusing.  So much so, that since the release of the bulletin there’s been a large uproar in the community trying to understand which version of ConfigMgr were actually affected.  The original bulletin was poorly worded, causing a maelstrom of back and forth discussions – both online and offline.

Overnight, the bulletin has been altered to better reflect the situation.  Yay, community!

From the Revisions section:

  • V1.0 (September 11, 2012): Bulletin published.
  • V1.1 (September 12, 2012): Removed Microsoft System Center Configuration Manager 2007 R2 and Microsoft System Center Configuration Manager 2007 R3 from the Non-Affected Software table and added a bulletin FAQ that addresses the issue. Also added a bulletin FAQ to address the server roles that require this update. These are bulletin changes only. There were no changes to detection logic or security update files.

In fact, when you look now, you’ll see a much simpler notation on affected versions.  The ONLY version of ConfigMgr not affected is ConfigMgr 2012.

Affected/Not Affected

You should also note that this update will NOT be detected through WSUS.  You MUST use the download links provided in the bulletin and deploy this like any other software package.  The requirements and switches are also included on the bulletin page.

Updated Bulletin page:  Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)


Share This Post

A community professional, keynoter, and evangelist who has driven social media and marketing strategies, editorial successes, delivered customer successes and built some of the largest and longest-running online communities. Rod has created, managed and grown small, medium, and mega-sized conferences; run entire editorial teams to deliver record traffic and market leadership; as product manager, directed the success of hundreds of product releases; supported sales and marketing to ensure customer success; developed, run and sold businesses; written thousands of technical articles, white papers, case studies, and technical documentation; hosted and delivered hundreds of attendance shattering webinars and virtual tradeshows; and delivered keynote speeches and sessions at a wide variety of events including conferences, webinars, events, and user groups.

Leave a Reply