Zscaler, working with Microsoft through their MAPPs program has proactively deployed protections for the following web based, client-side vulnerability included in the September 2012 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the September release and deploy additional protections as necessary.
MS12-061 – Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privileges (2719584)
- Microsoft Visual Studio Team Foundation Server 2010
CVE-2012-1892 - XSS Vulnerability
Description: A reflected cross-site scripting (XSS) vulnerability exists in Visual Studio Team Foundation Server that could allow an attacker to inject a client-side script into the user’s browser.
MS12-062 – Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
- Microsoft Systems Management Server 2003
- Microsoft System Center Configuration Manager 2007
CVE-2012-2536 - Reflected XSS Vulnerability
Description: A XSS vulnerability exists in System Center Configuration Manager where code can be injected back to the user in the resulting page, effectively allowing attacker-controlled code to run in the context of the user clicking the link.