Security Update for Unified Access Gateway 2010 with Update 2 (KB2418933)

Language:
English
Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
  • Version:

    4.0.1269.250

    File Name:

    UAG-KB2418933-v4.0.1269.250-ENU.msp

    Date Published:

    11/8/2010

    File Size:

    10.8 MB

    KB Articles: KB2418933KB2316074

    Security bulletins:MS10-089

      This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

      Here are the cases with the severity rating:
      UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
      UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
      XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
      XSS in Sginurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
  • Supported Operating System

    Windows Server 2008 R2

      Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
    • 1. For the file you want to download, click the Download button on this page.
      2. Click Save to download to your computer.
Site feedback
Microsoft

What category would you like to give web site feedback on?



Rate your level of satisfaction with this web page today:

Comments:

Submit