After a very light Patch Tuesday in September, Microsoft returns to more typical patch levels this month. According to their October advanced notification, Microsoft plans to release seven security bulletins next week, fixing around 20 vulnerabilities in some of their most popular products. The affect products include Windows, Office, SQL Server, Microsoft Server Software, and … [Read more...]
XSS Vulnerabilities in Microsoft Servers and Developer Tools
Severity: Medium Summary: These vulnerabilities affect: Visual Studio Team Foundation Server 2010, Systems Management Server 2003, and System Center Configuration Manager 2007 How an attacker exploits it: By enticing a user to click a specially crafted link, or visit a malicious web site Impact: An attacker can elevate his privileges and take any action your users can What … [Read more...]
Light Patch Tuesday Brings Two XSS Fixes
As I mentioned in last week's early warning, today's Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important. If you have either … [Read more...]