SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above, time for another SCOM shot! Don’t forget your vaccination card 🙂
Let’s get started. Time to fix the vulnerability for ‘SCOM hotfix released for WebConsole/APM on SCOM2012R2 and above’. Read the support article, and assess what versions you have in your sandbox and production. Once assessed, it’s time to test/implement/verify the fix applied.
Support article
SCOM WebConsole Hotfix links
(support.microsoft.com articles)
Specific support article for SCOM2019 UR3 Hotfix
SCOM2019 UR3 Hotfix support.microsoft.com article link
Specific support article for SCOM2016 UR10 Hotfix
SCOM2016 UR10 Hotfix support.microsoft.com article link
Specific support article for SCOM2012R2 UR14 Hotfix
SCOM2016 UR10 Hotfix support.microsoft.com article link
# Download (same EXE has all 3 SCOM versions)
https://download.microsoft.com/download/3/e/e/3eec1274-64d5-4285-84b9-c50800eb2dd2/KB5006871.EXE
Hotfix updates two paths on SCOM management server with the WebConsole role
Paths updated
(don’t forget to add File Version property to your display)
NOTE Drive letter depends on where you installed SCOM (typically D:)
SCOM2019 paths
D:\Program Files\Microsoft System Center\Operations Manager\WebConsole\AppDiagnostics\Web\bin
D:\Program Files\Microsoft System Center\Operations Manager\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin
SCOM2016 paths
D:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole\AppDiagnostics\Web\bin
D:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole\AppDiagnostics\AppAdvisor\Web\Bin
Screenshot of paths
Just in case you forgot how to add properties in Windows Explorer…
In the columns (Name, Date modified, etc,) right click > More
Hit F to move down to the F named details > hit check box for ‘File Version’ or click on File Version and hit space bar
Click on OK
Sort by ‘Date Modified’ Column
File versions AFTER installing hotfix
Depending on which SCOM version you’re running, the path stays pretty much the same, and you want to verify that files were updated for the ‘SCOM hotfix released for WebConsole/APM’
SCOM2019
UR3 = 10.19.10505.0 > Hotfix file version = 10.19.10550.0
SCOM2016
UR10 = 7.2.12324 > Hotfix file version = 7.2.12335.0
Standard UR10 files are 8.0.10918.0
Voila > SCOM hotfix complete
Notify your Security team you’ve patched, because sometimes the scanner software isn’t accurately updated (where Security needs to open a case with their vendor!)