MS10-089: Vulnerabilities in Forefront Unified Access Gateway and Microsoft Intelligent Application Gateway could cause elevation of privilege

2017-01-07T20:54:43
ID KB2316074
Type mskb
Reporter Microsoft
Modified 2019-11-06T02:31:07

Description

<html><body><p>Resolves vulnerabilities in Forefront Unified Access Gateway (UAG) that could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS10-089. To view the complete security bulletin, visit the following Microsoft website: <div class="indent"><span class="text-base">IT professionals</span><br/><a href="http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx" id="kb-link-1" target="_self">http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx</a></div><br/><h3 class="sbody-h3">How to obtain help and support for this security update</h3>For enterprise customers, support for security updates is available through your usual support contacts.<br/></div><h2>More Information</h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">Known issues with this security update</h3>The following known issues apply to all the related updates that are listed in the "Additional information about this security update" section. <ul class="sbody-free_list"><li>This security update is listed in the <span class="text-base">Programs and Features</span> item in Control Panel as "Hotfix for Microsoft Forefront UAG 2010." There is no mention that this is a security update. Security updates are otherwise typically listed as "Security Update for <span class="sbody-italic">xxxxx</span>."</li><li>When you uninstall this security update, you are prompted to insert the Unified Access Gateway (UAG) CD. The installation program then exits, and you receive a 2920 error. To remove this security update, log on as an administrator, and then uninstall the update by using the <span class="text-base">Programs and Features</span> item in Control Panel. Click <strong class="uiterm">View installed updates</strong> to access the update. <br/><br/><span class="text-base">Note</span> We do not recommend that you uninstall any security update. <br/><br/><br/><br/></li><li>You cannot use the <strong class="uiterm">/quiet</strong> and <strong class="uiterm">/forcerestart</strong> switches in combination when you install this update. </li><li>After you install this security update, the <strong class="uiterm">Remote Desktop Gateway</strong> service may not restart automatically. When you try to use the Remote Desktop client to create a remote desktop session, you may receive an error message that resembles the following:<br/><br/><br/><div class="sbody-error"> <br/>Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.<br/></div><br/> <br/><br/><br/><br/>If you have any Remote Desktop Services applications that are published by using any UAG trunk, you must manually restart the service by using the <strong class="uiterm">Services </strong>console. </li><li>If you install this security update on the original RTM version of Forefront Unified Access Gateway, and then you apply Forefront Unified Access Gateway Update 1 or Forefront Unified Access Gateway Update 2, you must install this security update again. <br/></li></ul><h3 class="sbody-h3">Additional information about this security update</h3> <br/><br/> <br/><br/> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><br/> <br/><br/><br/><ul class="sbody-free_list"><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2433584" id="kb-link-2">2433584 </a> MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 1: November 9, 2010</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2433585" id="kb-link-3">2433585 </a> MS10-089: Description of the security update for Forefront Unified Access Gateway 2010: November 9, 2010</div></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2418933" id="kb-link-4">2418933 </a> MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 2: November 9, 2010</div></li></ul></div></body></html>