Security Update for Unified Access Gateway 2010 RTM (KB2433585)

Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
  • Version:


    File Name:


    Date Published:


    File Size:

    10.7 MB

    KB Articles: KB2433585KB2316074

    Security bulletins:MS10-089

      This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

      Here are the cases with the severity rating:
      UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
      UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
      XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
      XSS in Sginurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
  • Supported Operating System

    Windows Server 2008 R2

      Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
    • 1. For the file you want to download, click the Download button on this page.
      2. Click Save to download to your computer.
Site feedback

What category would you like to give web site feedback on?

Rate your level of satisfaction with this web page today: