Severity Rating: Important
Revision Note: V1.1 (September 12, 2012): Removed Microsoft System Center Configuration Manager 2007 R2 and Microsoft System Center Configuration Manager 2007 R3 from the Non-Affected Software table and added a bulletin FAQ that addresses the issue. Also added a bulletin FAQ to address the server roles that require this update. These are bulletin changes only. There were no changes to detection logic or security update files.
Summary: This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The vulnerability could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to persuade users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
Powered by WPeMatico