Title

Microsoft System Center Configuration Manager Cross Site Scripting Vulnerability (Cat II impact)

Discussion

Microsoft has released a security bulletin addressing a vulnerability in Microsoft System Center Configuration Manager. To exploit this vulnerability, an attacker would entice a user of an affected system to open a malicious link hosted on a web page or sent via email. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code and compromise the affected system.

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft bulletin MS12-062 (2741528) Vulnerable Applications/Systems: Systems Management Server 2003 SP3 System Center Configuration Manager 2007 SP2 Verify the patch has been installed by checking that the following sample files are at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Applications/Systems not listed below. Reportinginstall.exe Systems Management Server 2003 SP3 - 2.50.4253.3129 System Center Configuration Manager 2007 SP2 - 4.0.6487.2209

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33786

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.