Microsoft fixes twin XSS, issues new cert requirement

Powered by SC Magazine
 

Vulnerabilities aren't high-risk.

Microsoft on Tuesday released security updates for two vulnerabilities categorised as important.

The update addressed a Visual Studio Team Foundation Server flaw that permitted privilege escalation for attackers if they visited a malicious web page.

A vulnerability in System Center Configuration Manager was also patched. This could allow similar privilege elevations.

None of the issues addressed were known to be under active exploit, according to a blog post at Microsoft Security Response Center.

“To be able to exploit these vulnerabilities, an attacker would craft a malicious link for a victim to click on, allowing them to compromise the victim's system,” Rapid7 security researcher Marcus Carey told SC.

"It's always a good idea to educate employees [or] end-users on how to spot and avoid suspect links."

The update also includes a new certificate requirement that RSA keys be a minimum of 1,024 bits in length. The new rule resulted from the sophisticated Flame virus, in which attackers beat weak crypto algorithms to spread onto target networks.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Microsoft fixes twin XSS, issues new cert requirement
 
 
 
Top Stories
Parliament passes law to let ASIO tap entire internet
Greens effort to limit devices fails.
 
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Constantly rushing to the printer to stop other people seeing your printouts?
Sep 24, 2014
Lexmark's latest family of small-business printers include a feature that lets you stop anyone ...
This 4G smartphone costs $219
Sep 3, 2014
It's possible to spend a lot less on a smartphone if you're prepared to go with a brand you ...
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  5%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1395

Vote