Sunday, March 3, 2013

Vulnerabilities in FAST Search Server 2010 for SharePoint : Parsing Could Allow Remote Code Execution


There are two updates available for this vulnerability:
 
http://technet.microsoft.com/en-us/security/bulletin/ms13-013
http://support.microsoft.com/kb/2553234   (Feb 12, 2013 - MS13-013)

http://technet.microsoft.com/en-us/security/bulletin/MS12-067
http://support.microsoft.com/kb/2553402   (Oct 09, 2012 - MS12-067)
  

1.    Both security updates address remote code execution vulnerabilities in FAST Search Server 2010 for SharePoint (Service Pack 1) when the "Advanced Filter Pack" is enabled. According to the bulletin, the later update (Feb '13) replaces the older one (Oct '12).

 
2.    The later update covers two new vulnerabilities (CVE-2012-3214 and CVE-2012-3217), whereas the previous update addressed around 13 vulnerabilities in the "Oracle Outside In" libraries, which are used by the "Advanced Filter Pack".
 

3.    Prerequisite: To apply these updates, Service Pack 1 for Microsoft FAST Search Server 2010 for SharePoint must already be installed.

4.    Post installation: After installing this security update on all FAST servers, we must run the "PSconfig" tool to complete the installation.

5.    Restart: You may have to restart the computer after you install this security update.

6.    Un-installation: According to the MS site, this security update cannot be removed. Presumably it cannot be removed from the "Uninstall an update" option in Control Panel, or something else would be needed to remove it completely.




In addition to the security vulnerabilities that are resolved by this security update (Feb 12, 2013), the following non-security issue is also resolved:

Symptoms
Sync interval is a configurable parameter. However, it does not work as expected in certain scenarios. In these cases, the trimmer sync process does not accept the "syncIntervalMinutes" configuration changes. This situation can affect customers who have a higher freshness requirement for user-group syncing of documents.

Resolution
This update applies a change to the trimmer sync frequency in the Microsoft.sharepoint.search.extended.security.trimingsync.exe.config file.





To install a software update in a multiple server deployment

  1. First update the administration server by following these steps:
    1. Double-click the executable that contains the FAST Search Server 2010 for SharePoint update.
    2. Run the post-setup configuration script:
      1. Open a FAST Search Server 2010 for SharePoint shell as an administrator:
        1. On the Start menu, click All Programs.
        2. Click Microsoft FAST Search Server 2010 for SharePoint.
        3. Right-click Microsoft FAST Search Server 2010 for SharePoint shell and select Run as administrator.
      2. Browse to <FASTSearchFolder>\installer\scripts, where <FASTSearchFolder> is the path of the folder where you have installed FAST Search Server 2010 for SharePoint, for example C:\FASTSearch.
      3. Type the following command to run the post-setup configuration script in patch mode:
        .\psconfig.ps1 -action p
    3. Verify that the FAST Search for SharePoint service has started.
  2. Follow the steps above on all non-administration servers in the deployment.

Verify successful update

After you have installed a FAST Search Server 2010 for SharePoint software update, verify that the update completed successfully.
  • Check that the update is shown in Installed Updates. In Control Panel, under Programs and Features, click View installed updates.
  • Check the installation log, here: <FASTSearchFolder>\var\log\installer\Psconfig-patch_Server_Name_Random_Number






Troubleshooting

Issue: When you run the post-setup configuration script, you receive the following error message:
Unable to regenerate schema. Please check that the user running this script is a member of the FASTSearchAdministrators group and that the admin services and configuration server are running. Unable to apply schema updates. Please check that the user running this script is a member of the FASTSearchAdministrators group and that the admin services and configuration server are running.

Cause: The World Wide Web Publishing Service has stopped.
Resolution: Start the World Wide Web Publishing Service and re-run the post-setup configuration script: .\psconfig.ps1 -action p
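The checks from "Verify successful update" and the troubleshooting cause above can be scripted as one read-only report to run on each FAST server. This is an added example, not part of the original post or Microsoft's tooling; it assumes the KB packages register as hotfixes that Get-HotFix can see (otherwise fall back to Control Panel > View installed updates), that the %FASTSEARCH% environment variable holds <FASTSearchFolder>, and that the service display names match the ones quoted in the post.

```powershell
# Added example (not from the original post): post-update state check for one FAST server.
# Written for PowerShell 2.0 so it runs in the FAST Search Server 2010 shell.
function Test-FastUpdateState {
    param(
        [string[]]$KBs = @('KB2553234', 'KB2553402'),   # MS13-013 and MS12-067 (from the post)
        [string]$FastFolder = $(if ($env:FASTSEARCH) { $env:FASTSEARCH } else { 'C:\FASTSearch' })
    )

    # 1. Which update packages are present. MS13-013 supersedes MS12-067, so only the
    #    newer one being listed is fine; neither being listed is the finding.
    #    Assumption: the package is registered as a QFE visible to Get-HotFix.
    $installed = @(foreach ($kb in $KBs) {
        if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { $kb }
    })

    # 2. Services the post depends on: W3SVC (psconfig fails with the "Unable to
    #    regenerate schema" error when it is stopped) and the FAST Search service
    #    that must be running again after the patch.
    $svc = Get-Service -DisplayName 'World Wide Web Publishing Service', 'FAST Search for SharePoint' -ErrorAction SilentlyContinue
    $stopped = @($svc | Where-Object { $_.Status -ne 'Running' } | ForEach-Object { $_.DisplayName })

    # 3. Newest psconfig patch-mode log and a rough count of lines mentioning "error".
    #    A non-zero count is a prompt to read the log, not a verdict.
    $logDir = Join-Path $FastFolder 'var\log\installer'
    $log = Get-ChildItem -Path $logDir -Filter 'Psconfig-patch_*' -ErrorAction SilentlyContinue |
           Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $logErrors = $null
    if ($log) {
        $logErrors = @(Select-String -Path $log.FullName -Pattern 'error' -SimpleMatch).Count
    }

    New-Object PSObject -Property @{
        Computer        = $env:COMPUTERNAME
        InstalledKBs    = ($installed -join ',')
        MS13_013Present = ($installed -contains 'KB2553234')
        StoppedServices = ($stopped -join ',')
        LatestPatchLog  = $(if ($log) { $log.Name } else { '<none found>' })
        LogErrorLines   = $logErrors
    }
}

# Run on the server being checked; repeat on every FAST server in the deployment.
Test-FastUpdateState | Format-List
```

Run it once before psconfig (to confirm W3SVC is up) and once after (to confirm the KB, the service and the log), and keep the output with the change record for the farm.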


Note:
1.    Microsoft Baseline Security Analyzer (MBSA) is a tool that lets administrators scan local and remote systems for missing security updates as well as common security misconfigurations. So I think it can be the best option for checking whether our FAST farm is fully updated or not.
2.    To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base Article 887012.