09-18-12 | Blog Post
Last Tuesday, Microsoft released its security bulletin for the month of September. It’s a fairly short list with only two patches: one for Visual Studio Team Foundation Server and another for System Center Configuration Manager. Here’s a summary of the vulnerabilities:
Visual Studio Team Foundation Server: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability.
In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.
System Center Configuration Manager: This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.
An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
Both of these are rated Important, and both could result in an elevation of privilege if the user clicks a link or goes to an affected site made expressly to exploit the vulnerability. Neither patch requires a system restart.