This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
This security update is rated Important for all supported editions of Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that System Center Configuration Manager handles specially crafted requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.
Known Issues. Microsoft Knowledge Base Article 2741528 documents the currently known issues that customers may experience when installing this security update. The article also documents recommended solutions for these issues. When currently known issues and recommended solutions pertain only to specific releases of this software, this article provides links to further articles.
For all the details and a download link, please see the following:
J.C. Hornbeck | Knowledge Engineer | Management and Security Division
App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/
The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/