SDL TMS 11.4 | CRQ-10641 | Installing Microsoft security updates may prevent SDL TMS from working

Symptoms:
Installing the security update for Microsoft Windows Server 2012 R2 (KB4338419, KB4338420) can prevent users from being able to access the SDL TMS user interface. Despite being able to log in normally, subsequent pages result in a server-side error. On some servers, the incompatibility is seen when starting the web site in which case the entire UI is inaccessible.

Explanation:
The security update is a remediation for an "elevation of privilege" vulnerability in the .NET Framework which could allow an attacker to elevate their user rights level. To exploit the vulnerability, an attacker would first have to access the local computer, and then run a malicious program. This update addresses the vulnerability by correcting how .NET Framework enables COM objects. To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8202. Changing the way in which COM objects are invoked has a direct impact on the SDL TMS user interface.

Resolution:
The provided hotfix changes the way in which the SDL TMS application pools are configured in IIS which, in turn, allows SDL TMS to continue working on all servers that have the security update applied.

SDL-hosted customers should contact SDL Support to arrange for this hotfix to be deployed.

Customers who host SDL TMS themselves should download the installer for SDLTMS11.4.0 Hotfix for CRQ-10641.exe from the following FTP site: ftp://ftp-emea.sdlproducts.com/SDL TMS/11.4/Hotfix/