eEye Digital Security
Microsoft Patch Summary
September 11, 2012


Overview 
This month, Microsoft released two patches that address a total of two vulnerabilities. Both are cross-site scripting vulnerabilities, which may result in elevation of privilege.

Patch Precedence 
Administrators should patch MS12-061 and MS12-062 as soon as possible.
 
As always, BeyondTrust suggests that all users apply Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the BeyondTrust Security Research Team.

Web Event:
Vulnerability Expert Forum (VEF)
 
Presenters:
The BeyondTrust Research Team
 
Date/Time: 
Wednesday, Sept 12th 
1pm PT / 4pm ET / 9pm GMT

Bulletin/Advisory Details

MS12-061
Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
Microsoft Rating: Important
CVE: CVE-2012-1892

Analysis
This bulletin addresses a privately reported elevation of privilege vulnerability in Visual Studio Team Foundation Server. The patch fixes a reflected cross-site scripting vulnerability. An attacker who successfully exploited this vulnerability would gain the ability to execute JavaScript on behalf of a currently logged-on user.

Recommendations
Deploy patches as soon as possible. Until the patch can be installed, ensure that the IE8 and IE9 XSS filter is enabled in the Local intranet security zone.


MS12-062
Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
Microsoft Rating: Important
CVE List: CVE-2012-2536

Analysis 
This bulletin addresses a privately reported elevation of privilege vulnerability in System Center Configuration Manager. The patch fixes a reflected cross-site scripting vulnerability. An attacker who successfully exploited this vulnerability would gain the ability to execute JavaScript on behalf of a currently logged-on user.

Recommendations
Deploy patches as soon as possible. Until the patch can be installed, ensure that the IE8 and IE9 XSS filter is enabled in the Local intranet security zone.
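
The interim workaround named in both recommendations above can be checked per workstation from PowerShell. The script below is an added example, not part of the original advisory; it assumes that URL action 1409 under zone 1 (Local intranet) holds the XSS filter setting (0 = enabled, 3 = disabled) and that the registry hives are consulted in the order shown.

```powershell
# Added example: report whether the IE XSS filter is explicitly enabled
# for the Local intranet zone (zone 1) for the current user.
# Assumptions: URL action 1409 = XSS filter, DWORD 0 = Enable, 3 = Disable.
# Assumed precedence: machine policy, user policy, user setting, machine setting.
# If the Security_HKLM_only policy is in force, only the machine hives apply.
$zone   = '1'      # Local intranet
$action = '1409'   # XSS filter URL action
$suffix = "Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$zone"

$hives = [ordered]@{
    'Machine policy'  = "HKLM:\SOFTWARE\Policies\$suffix"
    'User policy'     = "HKCU:\Software\Policies\$suffix"
    'User setting'    = "HKCU:\Software\$suffix"
    'Machine setting' = "HKLM:\SOFTWARE\$suffix"
}

function Get-XssFilterState {
    param(
        [System.Collections.IDictionary]$Paths,
        [string]$Name
    )
    # Return the first hive (in precedence order) that defines the value.
    foreach ($source in $Paths.Keys) {
        $item = Get-ItemProperty -Path $Paths[$source] -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.$Name
            $state = switch ($value) {
                0       { 'Enabled' }
                3       { 'Disabled' }
                default { "Unknown ($value)" }
            }
            return [pscustomobject]@{ Source = $source; Value = $value; State = $state }
        }
    }
    # No hive sets the value: the browser's built-in zone default applies.
    return [pscustomobject]@{ Source = 'none'; Value = $null; State = 'NotConfigured' }
}

$result = Get-XssFilterState -Paths $hives -Name $action
$result | Format-List

if ($result.State -ne 'Enabled') {
    Write-Warning 'XSS filter is not explicitly enabled for the Local intranet zone.'
    exit 1
}
```

A non-zero exit code lets the script feed a compliance check until MS12-061 and MS12-062 are deployed.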

Feedback
The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.
© 1998 – 2012 eEye Digital Security. All rights reserved.