For information about specific configuration options in automatic updating in supported editions of Windows XP and Windows Server 2003, see Microsoft Knowledge Base Article 294871. Customers who have not enabled automatic updating need to check for updates from Microsoft Update and install this update manually.
Customers who have automatic updating enabled and configured to check online for updates from Microsoft Update typically will not need to take any action because this security update will be downloaded and installed automatically. Recommendation. Customers can configure automatic updating to check online for updates from Microsoft Update by using the Microsoft Update service. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information. The security update addresses the vulnerability by modifying the way that HTML strings are sanitized. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update is rated Important for supported editions of Microsoft InfoPath 2007, Microsoft InfoPath 2010, Microsoft Communicator 2007 R2, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft SharePoint Windows Services 3.0, Microsoft SharePoint Foundation 2010, and Microsoft Office Web Apps 2010. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. Version: 1.4 General Information Executive Summary
Published: Octo| Updated: January 15, 2014 Security Bulletin Microsoft Security Bulletin MS12-066 - Important Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
0 kommentar(er)
