BeyondTrust Patch Tuesday
September 11, 2012
Microsoft Patch Summary
This month, Microsoft released two patches that address a total of two vulnerabilities. Both are cross-site scripting vulnerabilities, which may result in elevation of privilege.
Administrators should patch MS12-061 and MS12-062 as soon as possible.
As always, BeyondTrust suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the BeyondTrust Security Research Team.
- Web Event: Vulnerability Expert Forum (VEF)
- Presenters: The BeyondTrust Research Team
- Date/Time: Wednesday, Sept 12th, 1pm PT / 4pm ET / 9pm GMT
BULLETIN / ADVISORY DETAILS
MS12-061
Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
Microsoft Rating:
CVE:
CVE-2012-1892
Analysis:
This bulletin addresses a privately reported elevation of privilege vulnerability in Visual Studio Team Foundation Server. The patch fixes a reflected cross-site scripting vulnerability. An attacker who successfully exploited this vulnerability would gain the ability to execute JavaScript on behalf of a currently logged-on user.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, ensure that the IE8 and IE9 XSS filter is enabled in the Local intranet security zone.
MS12-062
Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
Microsoft Rating:
CVE:
CVE-2012-2536
Analysis:
This bulletin addresses a privately reported elevation of privilege vulnerability in System Center Configuration Manager. The patch fixes a reflected cross-site scripting vulnerability. An attacker who successfully exploited this vulnerability would gain the ability to execute JavaScript on behalf of a currently logged-on user.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, ensure that the IE8 and IE9 XSS filter is enabled in the Local intranet security zone.
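The interim mitigation recommended for both MS12-061 and MS12-062 can be audited on a workstation with the following script. It is an added example, not part of the original advisory or BeyondTrust tooling. It assumes the XSS filter is controlled by URL action 1409 under the zone 1 (Local intranet) registry keys, with 0 meaning enabled and 3 meaning disabled, and that policy keys override preference keys in the order listed.

```powershell
# Added example: audit the IE8/IE9 XSS filter for the Local intranet zone (zone 1).
# Assumption: URL action 1409 controls the filter; 0 = enabled, 3 = disabled.
$zone = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'

# Assumed precedence, highest first: policy keys override preference keys.
$locations = [ordered]@{
    'Machine policy'     = "HKLM:\SOFTWARE\Policies\$zone"
    'User policy'        = "HKCU:\Software\Policies\$zone"
    'User preference'    = "HKCU:\Software\$zone"
    'Machine preference' = "HKLM:\SOFTWARE\$zone"
}

function Get-XssFilterState {
    param([string]$Path)
    # A missing key or missing value both mean this scope does not set the action.
    $item = Get-ItemProperty -Path $Path -Name '1409' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    switch ([int]$item.'1409') {
        0       { 'Enabled' }
        3       { 'Disabled' }
        default { "Unknown($($item.'1409'))" }
    }
}

$report = foreach ($scope in $locations.Keys) {
    [pscustomobject]@{
        Scope = $scope
        State = Get-XssFilterState -Path $locations[$scope]
        Path  = $locations[$scope]
    }
}
$report | Format-Table -AutoSize

# The first scope that sets a value is treated as the effective one.
$effective = $report | Where-Object { $_.State -ne 'NotConfigured' } | Select-Object -First 1
if ($null -eq $effective) {
    Write-Warning 'No explicit value found; the zone default applies. Verify in Internet Options.'
} elseif ($effective.State -ne 'Enabled') {
    Write-Warning "XSS filter is $($effective.State) in the Local intranet zone ($($effective.Scope))."
} else {
    Write-Output "XSS filter is enabled in the Local intranet zone ($($effective.Scope))."
}
```

The HKCU keys are per user, so run the script in the session of each account that browses to Team Foundation Server or Configuration Manager web interfaces.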
Feedback
The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.
Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.