Last Tuesday, Microsoft released its security bulletin for the month of September. It’s a fairly short list with only two patches, one for their Studio Team Foundation Server, and another for their System Center Configuration Manager. Here’s a summary of the vulnerabilities:
Studio Team Foundation Server: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability.
In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.
System Center Configuration Manager: This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.
An attacker would have no way to force users to visit such a website.
Continue reading September Microsoft Security Updates at Managed Data Center News.
