XSS Vulnerabilities in Microsoft Servers and Developer Tools

Severity: Medium

Summary:

  • These vulnerabilities affect: Visual Studio Team Foundation Server 2010, Systems Management Server 2003, and System Center Configuration Manager 2007
  • How an attacker exploits it: By enticing a user to click a specially crafted link, or visit a malicious web site
  • Impact: An attacker can elevate his privileges and take any action your users can
  • What to do: Deploy the appropriate update as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released two security bulletins describing a pair of cross-site scripting (XSS) vulnerabilities in their Server software and development tools. They rate both updates as Important. The bulletins specifically affect:

  • Visual Studio Team Foundation Server 2010
  • Systems Management Server 2003
  • System Center Configuration Manager 2007

We summarize each bulletin below:

  • MS12-061: Visual Studio Team Foundation XSS Vulnerability

Team Foundation Server is a software development collaborative platform that allows developers to manage multi-person projects. It suffers from a cross-site scripting (XSS) vulnerability, which attackers can potentially leverage to elevation their privilege on your development server.

By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to  execute script with your user’s privileges. This script could steal the user’s cookies, redirect their browser to malicious sites, or essentially take any action the user could on your Team Foundation Server. If you use this development platform, you should apply Microsoft’s updates as soon as possible.

Microsoft rating: Important.

  • MS12-062: System Center Configuration Manager XSS Vulnerability

System Center Configuration Manager is a PC management platform that allows you to manage many Windows computers at once. You can use it for patch management, software distribution, OS deployment, remote control, and more. It too suffers from a cross-site scripting (XSS) vulnerability, very similar to the one described above. Again, if an attacker can lure you into clicking a specially crafted link, he could exploit this flaw to  execute script with your privileges. This would allow him to do anything in System Center Configuration Manager that you could. If you use this management system in your network, you should apply Microsoft’s patch as soon as possible.

Microsoft rating: Important.

Solution Path:

Microsoft has released updates that correct these vulnerabilities. You should download, test, and deploy the appropriate patches as soon as you can. If you choose, you can also let Windows Update automatically download and install these updates for you, though we recommend you test server patches before deploying them to production environments.

The links below take you directly to the “Affected and Non-Affected Software” section for each bulletin, where you will find links for the various updates:

As an aside, Internet Explorer 8 and above includes an XSS Filter feature, which prevents these sorts of XSS attacks from working. You may want to enable the XSS Filter feature to benefit from its protections.

For All WatchGuard Users:

If you use a WatchGuard XTM appliance with the Intrusion Prevention Service (IPS), it can help mitigate attacks leveraging either of these flaws. According to our Best-in-Class IPS partner, one of our IPS service’s generic XSS signatures detects and prevents these vulnerabilities. We recommend you turn on our IPS service if you haven’t already.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

Trackbacks/Pingbacks

  1. XSS Vulnerabilities in Microsoft Servers and Developer Tools « microreksa - September 11, 2012

    [...] XSS Vulnerabilities in Microsoft Servers and Developer Tools [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 7,581 other followers

%d bloggers like this: