
Q90855 - Microsoft System Center Operations Manager Elevation of Privilege Vulnerability (MS13-003). Potential vs. Confirmed - Detection/Reporting Method Challenge

Question asked by DMFezzaReed Employee on Mar 19, 2013
Latest reply on Mar 25, 2013 by DMFezzaReed

Based on the reported findings, Qualys appears to be investigating only the registry entry for the HealthService.dll version (%ProgramFiles%\System Center Operations Manager 2007\HealthService.dll Version is 6.1.7221.81) to determine the necessity of MS13-003 needing to be applied.

IMPORTANT: Application of MS13-003 does NOT update the HealthService.dll version in the registry key; therefore, Q90855 continues to report even after the patch has been applied.

I contend that the vulnerability testing logic and/or methodology is flawed – OR – at the very least, the vulnerability type (Confirmed vs. Potential) reported is flawed.

This patch is to remediate vulnerabilities in the SCOM Web Console. The majority of the servers, in my environment, reporting Q90855 have only the SCOM agent installed and NOT the web console.

There is no way, in an environment our size [an enterprise-sized company running SCOM], we can feasibly process false-positive evidence for every server that is running the SCOM agent and reporting Q90855.
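The post describes the QID keying on one value, the file version of HealthService.dll, while the bulletin it maps to only affects the SCOM Web Console. The following PowerShell is an added triage helper, not Qualys's detection logic and not code from the original post: it reproduces the version check the post says Q90855 performs and adds the check the post says is missing, whether a Web Console install is present on the host. The DLL path and the version string 6.1.7221.81 are the ones quoted in the post; the Web Console indicator path is a hypothetical placeholder and must be replaced with whatever marker your SCOM build leaves behind, and, as the post states, the DLL version cannot tell you whether MS13-003 is installed, so the script never claims that.

```powershell
# Added example: triage helper for hosts reporting Q90855 (MS13-003).
# Not Qualys's check and not from the original post. Targets PowerShell 2.0+,
# since SCOM 2007-era hosts may not have anything newer.

function Get-HealthServiceVersion {
    param(
        # Path quoted from the post; the value Q90855 is reported to inspect.
        [string]$Path = (Join-Path $env:ProgramFiles 'System Center Operations Manager 2007\HealthService.dll')
    )
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build a comparable [version] from the numeric parts instead of parsing
    # FileVersion, which can carry free-text suffixes that break the cast.
    return New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-ScomWebConsolePresent {
    param(
        # ASSUMPTION: hypothetical marker for a Web Console install. Replace with
        # the directory, registry value or IIS application your build uses.
        [string]$WebConsoleIndicatorPath = (Join-Path $env:ProgramFiles 'System Center Operations Manager 2007\Web Console')
    )
    return (Test-Path -LiteralPath $WebConsoleIndicatorPath)
}

function Get-Q90855Triage {
    param(
        [string]$DllPath = (Join-Path $env:ProgramFiles 'System Center Operations Manager 2007\HealthService.dll'),
        [string]$WebConsoleIndicatorPath = (Join-Path $env:ProgramFiles 'System Center Operations Manager 2007\Web Console'),
        # Version string quoted from the post as the value Q90855 keys on.
        [version]$FlaggedVersion = '6.1.7221.81'
    )
    $dllVersion = Get-HealthServiceVersion -Path $DllPath
    $webConsole = Test-ScomWebConsolePresent -WebConsoleIndicatorPath $WebConsoleIndicatorPath

    $assessment = if ($null -eq $dllVersion) {
        'No HealthService.dll at the expected path; the version check has nothing to match'
    } elseif (-not $webConsole) {
        'Agent only, no Web Console indicator: MS13-003 does not apply; candidate false positive'
    } elseif ($dllVersion -le $FlaggedVersion) {
        'Web Console present and DLL at or below flagged version: the version cannot prove patch state, confirm MS13-003 installation separately'
    } else {
        'Web Console present with newer HealthService.dll: still confirm MS13-003 installation separately'
    }

    # One row per host so the output can be collected across a fleet.
    New-Object PSObject -Property @{
        ComputerName      = $env:COMPUTERNAME
        HealthServiceDll  = $dllVersion
        FlaggedVersion    = $FlaggedVersion
        WebConsolePresent = $webConsole
        Assessment        = $assessment
    }
}

# Run on a suspect host; for many hosts, save this file and fan it out with
# Invoke-Command -FilePath so all three functions travel together.
Get-Q90855Triage | Format-List
```

The split the script makes is the one the post argues for: a host with only the agent and the flagged DLL version gets an "agent only" result that can be bulk-filed as evidence, while a host that actually carries the Web Console still needs patch state confirmed by some means other than the DLL version.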
