Microsoft patches moderate
During his September-patch day, Microsoft has released two security updates, high urgency, close the gaps in Visual Studio Team Foundation Server 2010 (TFS) and Systems Management Server 2003 and 2007. Both updates fix cross-site scripting vulnerabilities (XSS) vulnerability in the web interface through which an attacker could execute code on the victim's browser.
Because an attacker can access with the privileges of the user on the web interface, Microsoft classifies the gaps than one privilege escalation (privilege escalation). According to the manufacturer, the gaps are not active yet eye uses to attack.
So from this Patch Tuesday is extremely manageable, the next could have far-reaching consequences: In October, Microsoft distributed a patch via Windows Update, by the operating system explains all future certificates invalid, the RSA key is shorter than 1024 bits. Who manages an infrastructure in which such certificate is used, it should be just in time exchanged for a certificate with a private key has the minimum length. NIST currently recommends for RSA key length of at least 2048 bits.
Microsoft has released a number of other patches, in the opinion of the companies are not safety related. Their installation is partially anticipated reboot. One of the updates is ActiveX kill bit for the vulnerable Cisco plug-in and blocks the execution.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment