Last Tuesday, Microsoft released its security bulletin for the month of September. It’s a fairly short list with only two patches, one for their Studio Team Foundation Server, and another for their System Center Configuration Manager. Here’s a summary of the vulnerabilities:
Studio Team Foundation Server: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability.
In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.
System Center Configuration Manager: This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.
An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
Both of these have the rating of Important, and result in an elevation of privilege if the user clicks on a link or goes to an affected site that is made expressly to exploit the vulnerability mentioned. These patches do not require a restart to the system.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.