Security Alerts




XSS Vulnerabilities in Microsoft Servers and Developer Tools

Severity: Medium Summary: These vulnerabilities affect:  Visual Studio Team Foundation Server 2010, Systems Management Server 2003, and System Center Configuration Manager 2007 How an attacker exploits it: By enticing a user to click a specially crafted link, or visit a malicious web site Impact:  An attacker can elevate his privileges and take any action your users can What to do: Deploy the appropriate update as soon as possible, or let Windows Automatic Update do it for you Exposure: Today, Microsoft released two security bulletins describing a pair of  cross-site scripting (XSS)  vulnerabilities in their Server software and development tools. They rate both updates as  Important . The bulletins specifically affect: Visual Studio Team Foundation Server 2010 Systems Management Server 2003 System Center Configuration Manager 2007 We summarize each bulletin below: MS12-061 : Visual Studio Team Foundation XSS Vulnerability Team Foundation Server is a software development collaborative platform that allows developers to manage multi-person projects

Source:
XSS Vulnerabilities in Microsoft Servers and Developer Tools
September 11, 2012 — Category: Security Alerts