Microsoft Forefront Unified Access Gateway 'MicrosoftClient.Jar' Remote Code Execution Vulnerability
Risk
High
Date Discovered
October 11, 2011
Description
Microsoft Forefront Unified Access Gateway is prone to a remote code-execution vulnerability.
Successful exploits will allow attackers to execute arbitrary code in the context of the logged-in user.
Technologies Affected
- Microsoft Forefront Unified Access Gateway 2010
- Microsoft Forefront Unified Access Gateway 2010 SP1
- Microsoft Forefront Unified Access Gateway 2010 Update 1
- Microsoft Forefront Unified Access Gateway 2010 Update 2
Recommendations
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.
Do not follow links provided by unknown or untrusted sources.
Never follow links provided by unfamiliar or untrusted sources or visit sites of questionable integrity.
The vendor has released an advisory and updates. Please see the referenced advisory for details.
Credits
Microsoft
|
