North52

Simplifying, CRM & xRM

MS CRM 2011 – Implications for Microsoft Security Patch KB2840628

On Tuesday July 09, 2013 Microsoft made available via Windows Update the following security patch:

MS13-052: Description of the security update for the .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

http://support.microsoft.com/kb/2840628

This has had a knock-on effect on applications that run in a sandboxed environment, such as plug-ins running in Microsoft CRM 2011. What we have observed & tested is that a method call on certain classes in the System.Diagnostics namespace now throws an exception. So your application could be running fine right now, but as soon as KB2840628 is installed, via Windows Update or manually by a user, the code will fail & throw an exception. A simple test we ran was to take the standard code from the CRM SDK & add 1 additional line of code to make a tracing call, as shown below, which caused the plugin to throw an exception (listed at the bottom of this post).

[Image: code_kb2840628 (screenshot of the sample plug-in code with the added tracing call)]
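The pattern described above, as an added example rather than the code from the original screenshot: a sandboxed plug-in that calls System.Diagnostics tracing, next to a version with that call removed. The class and namespace names are hypothetical, and routing the message through the SDK's ITracingService is an assumption of this example (the post itself only says to remove the call), so test it on a patched server as described further down.

```csharp
// Added illustration; class and namespace names are hypothetical.
using System;
using Microsoft.Xrm.Sdk;

namespace Example.Crm.Plugins
{
    // BEFORE: the pattern the post reports as failing. Registered in the
    // sandbox on a server with KB2840628 installed, the Trace call surfaces
    // as System.MethodAccessException (see the call stack at the end of the post).
    public class DiagnosticsTracePlugin : IPlugin
    {
        public void Execute(IServiceProvider serviceProvider)
        {
            var context = (IPluginExecutionContext)
                serviceProvider.GetService(typeof(IPluginExecutionContext));

            System.Diagnostics.Trace.TraceInformation(
                "Handling " + context.MessageName);

            // ... business logic ...
        }
    }

    // AFTER: no System.Diagnostics call anywhere in the plug-in. Trace text
    // goes through ITracingService, which the platform supplies (assumed here
    // to be an acceptable replacement for the removed call).
    public class SdkTracePlugin : IPlugin
    {
        public void Execute(IServiceProvider serviceProvider)
        {
            var context = (IPluginExecutionContext)
                serviceProvider.GetService(typeof(IPluginExecutionContext));
            var tracing = (ITracingService)
                serviceProvider.GetService(typeof(ITracingService));

            // Tracing is optional: a missing service must not fail the operation.
            if (tracing != null)
            {
                tracing.Trace("Handling {0} on {1}",
                    context.MessageName, context.PrimaryEntityName);
            }

            // ... business logic ...
        }
    }
}
```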

The following are 2 quick & temporary ways to resolve the issue immediately:

  • Remove KB2840628 from server
  • Using the Plugin Registration tool change the Plugin not to run in the Sandbox

The 2 options above will not be available to you if you are running CRM Online, & you won’t know when Microsoft will push the security update to the CRM Online servers either. The following are the two sets of steps we took to resolve the issue:

Specific to System.Diagnostics

  • Review all your own code for references to the System.Diagnostics namespace
  • Review all third party code libraries for references to the System.Diagnostics namespace
  • If found, look to remove the code
  • Perform full before & after tests on a server with KB2840628 installed

Note: Method calls to System.Diagnostics such as Trace.TraceInformation() are the only ones we have found, & there may be more code that is affected by this security patch. So we also performed the following:

General Testing

  • Install KB2840628 on a test server
  • Exercise all of your integration & manual tests
  • Perform necessary fixes
  • Please blog or leave a comment on this blog post with any new findings

In the last few days this issue has started to turn up in several other Microsoft & non-Microsoft products:

http://nachtlog.de/sql-server-2012-securityexception-nach-windows-update

http://blogs.msdn.com/b/scstr/archive/2013/07/12/drs-sorunu-yama-ms13-052-gt-net-4-with-sql-2012-y-252-kledikten-sonra.aspx

http://myitforum.com/myitforumwp/2013/07/13/cm-issues-with-ms13-052-kb2840628/

http://social.technet.microsoft.com/Forums/en-US/67677199-1a30-4df9-a8e7-9ab6944e3f84/systemtypeinitializationexception-in-ctor-of-systemdatasqlclientsqlconnection-in

http://social.msdn.microsoft.com/Forums/en-US/30f3d4bb-37e7-46c1-b94b-e79de9a4b740/permission-problem

http://advancedhmi.com/forum/index.php?action=recent

http://microsofttouch.fr/default/b/js/archive/2013/07/14/sccm-2007-2012-effets-de-bord-de-la-kb2840628-du-bulletin-ms13-051.aspx

Plugin Exception from our Sample Test Code Above:

Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=5.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: Unexpected exception from plug-in (Execute): Microsoft.Crm.Sdk.Samples.AccountNumberPlugin: System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.AssertSection..ctor()' failed.Detail:
<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
<ErrorCode>-2147220956</ErrorCode>
<ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic">
<KeyValuePairOfstringanyType>
<d2p1:key>CallStack</d2p1:key>
<d2p1:value xmlns:d4p1="http://www.w3.org/2001/XMLSchema" i:type="d4p1:string"> at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean&amp; canBeCached, RuntimeMethodHandleInternal&amp; ctor, Boolean&amp; bNeedSecurityCheck)
at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache)
at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
at System.Activator.CreateInstance(Type type, Boolean nonPublic)
at System.Configuration.TypeUtil.CreateInstanceRestricted(Type callingType, Type targetType)
at System.Configuration.ConfigurationElement.CreateElement(Type type)
at System.Configuration.ConfigurationElement.get_Item(ConfigurationProperty prop)
at System.Diagnostics.DefaultTraceListener.InitializeSettings()
at System.Diagnostics.DefaultTraceListener.get_LogFileName()
at System.Diagnostics.DefaultTraceListener.Write(String message, Boolean useLogFile)
at System.Diagnostics.TraceListener.WriteHeader(String source, TraceEventType eventType, Int32 id)
at System.Diagnostics.TraceListener.TraceEvent(TraceEventCache eventCache, String source, TraceEventType eventType, Int32 id, String message)
at System.Diagnostics.TraceInternal.TraceEvent(TraceEventType eventType, Int32 id, String format, Object[] args)
at Microsoft.Crm.Sdk.Samples.AccountNumberPlugin.Execute(IServiceProvider serviceProvider)
at Microsoft.Crm.Sandbox.SandboxAppDomainHelper.Execute(IServiceEndpointNotificationService serviceBusService, IOrganizationServiceFactory organizationServiceFactory, String pluginTypeName, String pluginConfiguration, String pluginSecureConfig, IPluginExecutionContext requestContext)
at Microsoft.Crm.Sandbox.SandboxAppDomainHelper.Execute(IServiceEndpointNotificationService serviceBusService, IOrganizationServiceFactory organizationServiceFactory, String pluginTypeName, String pluginConfiguration, String pluginSecureConfig, IPluginExecutionContext requestContext)
at Microsoft.Crm.Sandbox.SandboxWorker.Execute(SandboxCallInfo callInfo, SandboxPluginExecutionContext requestContext, Guid pluginAssemblyId, Int32 sourceHash, String assemblyName, Guid pluginTypeId, String pluginTypeName, String pluginConfiguration, String pluginSecureConfig, SandboxRequestCounter&amp; workerCounter)</d2p1:value>
</KeyValuePairOfstringanyType>
</ErrorDetails>
<Message>Unexpected exception from plug-in (Execute): Microsoft.Crm.Sdk.Samples.AccountNumberPlugin: System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.AssertSection..ctor()' failed.</Message>
<Timestamp>2013-07-14T18:18:08.308017Z</Timestamp>
<InnerFault i:nil="true" />
<TraceText>

[SamplePlugins: Microsoft.Crm.Sdk.Samples.AccountNumberPlugin]
[a06ca4b8-a7ec-e211-b741-00155d991705: Microsoft.Crm.Sdk.Samples.AccountNumberPlugin: Create of account]
</TraceText>
</OrganizationServiceFault>

Updated: 15/07/2013 Updated Url to Security Patch

5 responses to “MS CRM 2011 – Implications for Microsoft Security Patch KB2840628”

  1. Pingback: Latest Windows 7, 8 & RT Patches Cause Many Bugs and Issues

  2. Pingback: Probleme mit Microsoft-Patches |silicon.de

  3. Pingback: Microsoft-Patches sorgen für Probleme | ZDNet.de

  4. Aaron 2013/07/22 at 14:36

    This issue has been addressed with the following .Net release: http://support.microsoft.com/kb/2872041

    • North52 2013/07/22 at 14:58

      Aaron, Microsoft are only confirming the issue we raised in that KB article.

      They have yet to release a KB patch that you can download to resolve the issue without using any workarounds.
