(MS12-062) Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
Publish date: September 12, 2012
Severity: HIGH
CVE Identifier: CVE-2012-2536
Advisory Date: SEP 12, 2012
DESCRIPTION
This patch resolves a cross-site scripting (XSS) vulnerability found in System Center Configuration Manager that exists in the following:
- Microsoft Systems Management Server 2003 Service Pack 3
- Microsoft System Center Configuration Manager 2007 Service Pack 2
The vulnerability may be exploited when an attacker creates a page that can exploit the vulnerability.
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Microsoft Systems Management Server 2003 Service Pack 3
- Microsoft System Center Configuration Manager 2007 Service Pack 2
Featured Stories
One Flaw too Many: Vulnerabilities in SCADA SystemsWhat is the current state of SCADA vulnerabilities? Staying informed is essential in the fight against exploits and cyberattacks with real-world consequences.Read more
Drilling Deep: A Look at Cyberattacks on the Oil and Gas IndustryWe break down the digital attacks against the oil and gas industry and its supply chain.Read more
Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the WildPatch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.Read more
PHP-FPM Vulnerability (CVE-2019-11043) can Lead to Remote Code Execution in NGINX Web ServersAdministrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.Read more