SCCM - Microsoft Security Bulletin MS12-062 - Important Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)

Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)

Published: | Updated:
Version: 1.1 

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
This security update is rated Important for all supported editions of Microsoft System Center Configuration Manager. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that System Center Configuration Manager handles specially crafted requests. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

Affected Software 

SoftwareMaximum Security ImpactAggregate Severity RatingUpdates Replaced
Microsoft Systems Management Server 2003 Service Pack 3[1]
Elevation of PrivilegeImportantNone
Microsoft System Center Configuration Manager 2007 Service Pack 2[1]
Elevation of PrivilegeImportantNone
[1]This update is available from the Microsoft Download Center only. 

Non-Affected Software

Microsoft System Center 2012 Configuration Manager