Wednesday 12 September 2012

ChangeBASE Patch Tuesday Report - September 2012


With this September Microsoft Patch Tuesday update, we see a set of 2 Important updates.

The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team. From the thousands of applications included in testing for this release, they identified no Amber or Red issues.

Given that these patches update non-critical files a reboot is most probably not required.

Testing Summary

  • MS12-061: Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
  • MS12-062: Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)






MS12-061
Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
Description
This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
Payload
No specific file information
Impact
Important - Elevation of Privilege


MS12-062
Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
Description
This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Payload
A.     Reportchart.asp, Reportinginstall.exe, Smsse.dll
Impact
Important - Elevation of Privilege

*All results are based on a ChangeBASE Application Compatibility Lab’s test portfolio of over 1,000 applications.

© 2012 Quest Software, Inc.

No comments: