With this September Microsoft Patch Tuesday update, we see a set of 2 Important updates.
The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team. From the thousands of applications included in testing for this release, they identified no Amber or Red issues.
Given that these patches update non-critical files a reboot is most probably not required.
Testing Summary
- MS12-061: Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
- MS12-062: Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
MS12-061
|
Vulnerability
in Visual Studio Team Foundation Server Could Allow Elevation of Privilege
(2719584)
|
Description
|
This security update resolves a privately reported vulnerability in
Visual Studio Team Foundation Server. The vulnerability could allow elevation
of privilege if a user clicks a specially crafted link in an email message or
browses to a webpage that is used to exploit the vulnerability. In all cases,
however, an attacker would have no way to force users to perform these
actions. Instead, an attacker would have to convince users to visit a
website, typically by getting them to click a link in an email message or
Instant Messenger message that takes them to the attacker's website.
|
Payload
|
No specific file information
|
Impact
|
Important - Elevation of Privilege
|
MS12-062
|
Vulnerability
in System Center Configuration Manager Could Allow Elevation of Privilege
(2741528)
|
Description
|
This security update resolves a privately reported vulnerability in
Microsoft System Center Configuration Manager. The vulnerability could allow
elevation of privilege if a user visits an affected website by way of a
specially crafted URL. An attacker would have no way to force users to visit
such a website. Instead, an attacker would have to persuade users to visit
the website, typically by getting them to click a link in an email message or
Instant Messenger message that takes users to the attacker's website.
|
Payload
|
A. Reportchart.asp,
Reportinginstall.exe, Smsse.dll
|
Impact
|
Important - Elevation of Privilege
|
*All results are based on a
ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000
applications.
© 2012 Quest Software, Inc.
No comments:
Post a Comment