Microsoft on Tuesday released security updates for two vulnerabilities categorised as important.
The update addressed a Visual Studio Team Foundation Server flaw that permitted privilege escalation for attackers if they visited a malicious web page.
A vulnerability in System Center Configuration Manager was also patched. This could allow similar privilege elevations.
None of the issues addressed were known to be under active exploit, according to a blog post at Microsoft Security Response Center.
“To be able to exploit these vulnerabilities, an attacker would craft a malicious link for a victim to click on, allowing them to compromise the victim's system,” Rapid7 security researcher Marcus Carey told SC.
"It's always a good idea to educate employees [or] end-users on how to spot and avoid suspect links."
The update also includes a new certificate requirement that RSA keys be a minimum of 1,024 bits in length. The new rule resulted from the sophisticated Flame virus, in which attackers beat weak crypto algorithms to spread onto target networks.
_(23).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
