Vulnerabilities in FAST Search Server 2010 for SharePoint : Parsing Could Allow Remote Code Execution
There are two updates available for this vulnerability:
http://support.microsoft.com/kb/2553234 (Feb 12, 2013) - MS13-013
http://technet.microsoft.com/en-us/security/bulletin/MS12-067
http://support.microsoft.com/kb/2553402 (Oct 09, 2012) - MS12-067
1. Both security updates address "Remote code execution vulnerabilities" in FAST Search Server 2010 for SharePoint (Service Pack 1) when the "Advanced Filter Pack" is enabled. According to the bulletin, the latest update (Feb'13) replaces the older one (Oct'12).
2. The later update covers two new vulnerabilities (CVE-2012-3214 & CVE-2012-3217), whereas the previous update addresses around 13 vulnerabilities in the "Oracle Outside In Libraries", which are used by the "Advanced Filter Pack".
3. Prerequisite: To apply these updates, we must have Service Pack 1 for Microsoft FAST Search Server 2010 for SharePoint.
4. Post-installation: After installing this security update on all FAST servers, we must run the "PSconfig" tool to complete the installation.
5. Restart: You may have to restart the computer after you install this security update.
6. Un-installation: According to the MS site, this security update cannot be removed. Maybe we can't uninstall it from the "Uninstall an update" option in Control Panel, or something else is needed to remove it completely.
In addition to the security vulnerabilities that are resolved by this security update (Feb 12, 2013), the following nonsecurity issue is also resolved:
Symptoms
Sync interval is a configurable parameter. However, it does not work as expected in certain scenarios. In these cases, the trimmer sync process does not accept the "syncIntervalMinutes" configuration changes. This situation can affect customers who require a higher freshness requirement for user group syncing of documents.
Resolution
This update applies a change to the trimmer sync frequency in the Microsoft.sharepoint.search.extended.security.trimingsync.exe.config file.
To install a software update in a multiple server deployment
- First update the administration server by following these steps:
  - Double-click the executable that contains the FAST Search Server 2010 for SharePoint update.
  - Run the post-setup configuration script:
    - Open a FAST Search Server 2010 for SharePoint shell as an administrator:
      - On the Start menu, click All Programs.
      - Click Microsoft FAST Search Server 2010 for SharePoint.
      - Right-click Microsoft FAST Search Server 2010 for SharePoint shell and select Run as administrator.
    - Browse to <FASTSearchFolder>\installer\scripts, where <FASTSearchFolder> is the path of the folder where you have installed FAST Search Server 2010 for SharePoint, for example C:\FASTSearch.
    - Type the following command to run the post-setup configuration script in patch mode:
      .\psconfig.ps1 -action p
  - Verify that the FAST Search for SharePoint service has started.
- Follow the steps above on all non-administration servers in the deployment.
Verify successful update
After you have installed a FAST Search Server 2010 for SharePoint software update, verify that the update completed successfully.
- Check that the update is shown in Installed Updates. In Control Panel, under Programs and Features, click View installed updates.
- Check the installation log, here: <FASTSearchFolder>\var\log\installer\Psconfig-patch_Server_Name_Random_Number
Troubleshooting
Issue: When you run the post-setup configuration script, you receive the following error message:
Unable to regenerate schema. Please check that the user running this script is a member of the FASTSearchAdministrators group and that the admin services and configuration server are running.
Unable to apply schema updates. Please check that the user running this script is a member of the FASTSearchAdministrators group and that the admin services and configuration server are running.
Cause: The World Wide Web Publishing Service has stopped.
Resolution: Start the World Wide Web Publishing Service and re-run the post-setup configuration script: .\psconfig.ps1 -action p
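The patch-mode configuration, the service check and the troubleshooting cause above can be combined into one pre-flight wrapper. This is an added example, not part of the original post or of Microsoft's tooling; it assumes an elevated FAST Search Server 2010 for SharePoint shell, the example install path C:\FASTSearch, and that the error text quoted above is also written to the patch log.

```powershell
# Added example: pre-flight wrapper around the post-setup script (patch mode).
# Assumption: run from an elevated FAST Search Server 2010 for SharePoint shell.
param(
    # Example path from the page; set this to your own <FASTSearchFolder>.
    [string]$FastSearchFolder = 'C:\FASTSearch'
)

$ErrorActionPreference = 'Stop'

# Documented failure cause: the World Wide Web Publishing Service is stopped.
$www = Get-Service -DisplayName 'World Wide Web Publishing Service'
if ($www.Status -ne 'Running') {
    Write-Host "Starting $($www.DisplayName) before running psconfig..."
    Start-Service -InputObject $www
}

# Run the post-setup configuration script in patch mode from its own folder.
Push-Location (Join-Path $FastSearchFolder 'installer\scripts')
try {
    .\psconfig.ps1 -action p
}
finally {
    Pop-Location
}

# Verify that the FAST Search for SharePoint service has started.
$fast = Get-Service -DisplayName 'FAST Search for SharePoint'
if ($fast.Status -ne 'Running') {
    Write-Warning "$($fast.DisplayName) is $($fast.Status); expected Running."
}

# Inspect the newest Psconfig-patch log for the schema errors quoted above.
$logDir = Join-Path $FastSearchFolder 'var\log\installer'
$log = Get-ChildItem -Path $logDir -Filter 'Psconfig-patch_*' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $log) {
    Write-Warning "No Psconfig-patch log found in $logDir."
}
else {
    # Assumption: the console error text also appears in the log file.
    $patterns = 'Unable to regenerate schema', 'Unable to apply schema updates'
    $hits = Select-String -Path $log.FullName -SimpleMatch -Pattern $patterns
    if ($hits) { $hits | ForEach-Object { Write-Warning $_.Line } }
    else { Write-Host "No schema errors found in $($log.Name)." }
}
```

Run it on the administration server first, then on each non-administration server, in the same order as the manual steps.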
Note:
1. Microsoft Baseline Security Analyzer (MBSA) is a tool which lets administrators scan local and remote systems for missing security updates as well as common security misconfigurations. So I think it can be the best option to find out whether our FAST farm is fully updated or not.
2. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.