Microsoft

Security Update for Unified Access Gateway 2010 with Update 2 (KB2418933)

Share
Language:
English
Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
  • Details

    Version:
    Date Published:

    4.0.1269.250

    11/8/2010

    File name:
    File size:

    UAG-KB2418933-v4.0.1269.250-ENU.msp

    10.8 MB

    KB Articles: KB2418933, KB2316074
    Security bulletins: MS10-089
      This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.

      Here are the cases with the severity rating:
      UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
      UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
      XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
      XSS in Sginurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
  • System Requirements

    Supported Operating System

    Windows Server 2008 R2

      Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
  • Install Instructions

      1. For the file you want to download, click the Download button on this page.
      2. Click Save to download to your computer.

Popular downloads

Free PC updates

  • Security patches
  • Software updates
  • Service packs
  • Hardware drivers
Run Microsoft Update
close
moreinfo