September 16, 2014

Microsoft and Adobe release patches

(LiveHacking.Com) – Microsoft has released two security bulletins to fix vulnerabilities in Visual Studio Team Foundation Server and Microsoft System Center Configuration Manager. Both bulletins address escalation of privileges vulnerabilitys. To successfully exploit the Visual studio vulnerability and attacker would need to convince a victim to click on a malicious link or visit a malicious site.

The details are as follow:

  • MS12-061 – Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege – This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability.
  • MS12-062 – Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege – This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.

According to Microsoft neither of the issues addressed, which are rated Important,  is known to be under active exploitation in the wild.

Adobe
Adobe also released a security update, this time for ColdFusion. The hotfix, which is for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX, addresses a vulnerability which could result in a Denial of Service condition.

Affected versions are: ColdFusion 10, 9.0.2, 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks