
XSS Vulnerabilities in Microsoft Servers and Developer Tools

Severity: Medium

Summary:

Exposure:

Today, Microsoft released two security bulletins describing a pair of cross-site scripting (XSS) vulnerabilities in their Server software and development tools. They rate both updates as Important. The bulletins specifically affect:

We summarize each bulletin below:

Team Foundation Server is a software development collaboration platform that allows developers to manage multi-person projects. It suffers from a cross-site scripting (XSS) vulnerability, which attackers can potentially leverage to elevate their privileges on your development server.

By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to execute script with your user’s privileges. This script could steal the user’s cookies, redirect their browser to malicious sites, or essentially take any action the user could on your Team Foundation Server. If you use this development platform, you should apply Microsoft’s updates as soon as possible.

Microsoft rating: Important.

System Center Configuration Manager is a PC management platform that allows you to manage many Windows computers at once. You can use it for patch management, software distribution, OS deployment, remote control, and more. It too suffers from a cross-site scripting (XSS) vulnerability, very similar to the one described above. Again, if an attacker can lure you into clicking a specially crafted link, he could exploit this flaw to execute script with your privileges. This would allow him to do anything in System Center Configuration Manager that you could. If you use this management system in your network, you should apply Microsoft’s patch as soon as possible.

Microsoft rating: Important.

Solution Path:

Microsoft has released updates that correct these vulnerabilities. You should download, test, and deploy the appropriate patches as soon as you can. If you choose, you can also let Windows Update automatically download and install these updates for you, though we recommend you test server patches before deploying them to production environments.

The links below take you directly to the “Affected and Non-Affected Software” section for each bulletin, where you will find links for the various updates:

As an aside, Internet Explorer 8 and above includes an XSS Filter feature, which prevents these sorts of XSS attacks from working. You may want to enable the XSS Filter feature to benefit from its protections.

For All WatchGuard Users:

If you use a WatchGuard XTM appliance with the Intrusion Prevention Service (IPS), it can help mitigate attacks leveraging either of these flaws. According to our Best-in-Class IPS partner, one of our IPS service’s generic XSS signatures detects and prevents these vulnerabilities. We recommend you turn on our IPS service if you haven’t already.
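As an added illustration of how a generic XSS signature of the kind mentioned above works, here is a small Python scanner (not code from the bulletins or from WatchGuard's IPS) run over constructed Common Log Format request lines; the paths, parameter names and addresses are made up, and the two "crafted link" requests carry textbook reflected-XSS markup in their query strings.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Generic reflected-XSS signatures: markup or script constructs that have no
# business appearing inside a URL parameter value. Order is preserved for output.
XSS_SIGNATURES = {
    "script-tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event-handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript-uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    "active-tag": re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.IGNORECASE),
}

# Common Log Format; only the fields the scanner needs are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def decoded_param_values(url):
    """Return every query parameter value, fully URL-decoded."""
    values = []
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; keep decoding until stable so that a
        # double-encoded payload (%253C -> %3C -> <) is seen in clear text.
        previous = None
        while previous != value:
            previous, value = value, unquote_plus(value)
        values.append(value)
    return values

def xss_hits(url):
    """Names of the signatures matched by any parameter value of this URL."""
    values = decoded_param_values(url)
    return [name for name, pattern in XSS_SIGNATURES.items()
            if any(pattern.search(v) for v in values)]

def scan_log(lines):
    """Yield (client_ip, url, matched_signatures) for each suspicious request."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or non-CLF line; skipped, not alerted on
        hits = xss_hits(m.group("url"))
        if hits:
            alerts.append((m.group("ip"), m.group("url"), hits))
    return alerts

# Constructed sample log: one benign search, one plain-encoded and one
# double-encoded XSS attempt. Paths and addresses are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Apr/2013:10:01:02 +0000] "GET /app/search.aspx?q=reports HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Apr/2013:10:01:07 +0000] "GET /app/search.aspx?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 498',
    '10.0.0.9 - - [10/Apr/2013:10:01:09 +0000] "GET /app/Report.aspx?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 311',
]

if __name__ == "__main__":
    for ip, url, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {url} -> {', '.join(hits)}")
```

The repeated decoding is the part that matters in practice: the raw log line never contains `<script>`, so a signature applied to the undecoded URL misses both crafted requests.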

Status:

Microsoft has released patches to fix these vulnerabilities.

References:
