Vulnerability protection

System Center Configuration Manager vulnerability could allow escalation of privilege


Report ID: MS201209002
Date Published: 12 September 2012

Criticality: Important
Compromise Type: privilege-escalation cross-site-scripting
Compromise From: remote


Affected Product/Component:

Microsoft Systems Management Server 2003
Microsoft System Center Configuration Manager 2007




Summary

A vulnerability in the System Center Configuration Manager could potentially allow an attacker to carry out the same actions as an authenticated user.



Detailed Description

Microsoft has released a security update to address a cross-site scripting vulnerability reported in the System Center Configuration Manager. The vulnerability was caused by improper handling of specially crafted requests, which could allow an attacker to gain access to the System Center Configuration Manager and take actions as an authenticated user.

This vulnerability has been addressed in the latest security update by modifying the way that requests are handled. Users are advised to install this update on their systems as a protective measure against potential exploit attempts.



CVE Reference

CVE-2012-2536



Solution

Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms12-062



