Security Update for Unified Access Gateway 2010 with Update 2 (KB2418933)

Language: English
Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
  • Version: 4.0.1269.250

    File Name: UAG-KB2418933-v4.0.1269.250-ENU.msp

    Date Published: 11/8/2010

    File Size: 10.8 MB

    KB Articles: KB2418933, KB2316074

    Security bulletins: MS10-089

      This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

      The vulnerabilities and their severity ratings are:
      UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
      UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
      XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
      XSS in Signurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
  • Supported Operating System

    Windows Server 2008 R2

      Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
      1. For the file you want to download, click the Download button on this page.
      2. Click Save to download to your computer.