Security Update for Unified Access Gateway 2010 with Update 2 (KB2418933)

    Language: English
    Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
    • Version: 4.0.1269.250

      File Name: UAG-KB2418933-v4.0.1269.250-ENU.msp

      Date Published: 11/8/2010

      File Size: 10.8 MB

      KB Articles: KB2418933, KB2316074

      Security bulletins: MS10-089

        This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

        The vulnerabilities and their severity ratings are:
        UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
        UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
        XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
        XSS in Signurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
    • Supported Operating System

      Windows Server 2008 R2

        Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
        1. For the file you want to download, click the Download button on this page.
        2. Click Save to download to your computer.