Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
General Information
Executive Summary
This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
This security update is rated Important for all supported editions of Microsoft System Center Operations Manager 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by modifying the way that Microsoft System Center Operations Manager accepts input. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service.
Known Issues. None
Affected and Non-Affected Software
The following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.
| Software | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced |
|---|---|---|---|
| Microsoft System Center Operations Manager 2007 Service Pack 1[1] | Elevation of Privilege | Important | None |
| Microsoft System Center Operations Manager 2007 R2[2][3] (KB2783850) | Elevation of Privilege | Important | None |
[1]The security update for Microsoft System Center Operations Manager 2007 Service Pack 1 is unavailable at this time.
[2]This update is available from the Microsoft Download Center only.
[3]This update is cumulative and replaces previous cumulative updates for the specified software.
Note: Microsoft System Center 2012 Operations Manager is Non-Affected !
This posting is provided "AS IS" with no warranties.
No comments:
Post a Comment