Minor Microsoft System Center Operations Manager XSS Vulnerabilities

Besides all the Windows and Windows component-related bulletins from today, Microsoft also released a relatively minor bulletin about two cross-site scripting (XSS) vulnerabilities that affect Microsoft System Center Operations Manager (SCOM) 2007.

For those unaware of this specialized product, SCOM is a centralized, cross-platform management system for 0perating systems and hypervisors, targeted to data centers. It basically helps network operators monitor the health of all their systems, and offers these management capabilities via a web interface.

According to today’s security bulletin, SCOM’s web console suffers from two XSS vulnerabilities. If an attacker knows you use Microsoft SCOM, and can entice you to click on a specially crafted URL, she could exploit this flaw to execute script in your browsers with your privileges. Among other things, this could allow the attacker to do anything on your SCOM server that you could do.

I don’t suspect the majority of WatchGuard’s customers use SCOM, and even if you do, it’s relatively difficult for an attacker to know whether you use it or not. So I doubt many attackers will leverage this vulnerability in the wild. That said, if you do use SCOM, you should apply Microsoft’s update. Furthermore, if you use one of our XTM appliances with the IPS service, we have a signature (EXPLOIT Microsoft SCOM Web Console XSS Vulnerability) that detects this XSS attack. — Corey Nachreiner, CISSP (@SecAdept)

Share This: