MS10-089: Vulnerabilities in Forefront Unified Access Gateway and Microsoft Intelligent Application Gateway could cause elevation of privilege

<html><body><p>Resolves vulnerabilities in Forefront Unified Access Gateway (UAG) that could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS10-089. To view the complete security bulletin, visit the following Microsoft website: <div><span>IT professionals</span><br /><a href=“http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx” target=“_self”>http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx</a></div><br /><h3>How to obtain help and support for this security update</h3>For enterprise customers, support for security updates is available through your usual support contacts.<br /></div><h2>More Information</h2><div><h3>Known issues with this security update</h3>The following known issues apply to all the related updates that are listed in the “Additional information about this security update” section. <ul><li>This security update is listed in the <span>Programs and Features</span> item in Control Panel as “Hotfix for Microsoft Forefront UAG 2010.” There is no mention that this is a security update. Security updates are otherwise typically listed as “Security Update for <span>xxxxx</span>.”</li><li>When you uninstall this security update, you are prompted to insert the Unified Access Gateway (UAG) CD. The installation program then exits, and you receive a 2920 error. To remove this security update, log on as an administrator, and then uninstall the update by using the <span>Programs and Features</span> item in Control Panel. Click <strong>View installed updates</strong> to access the update. <br /><br /><span>Note</span> We do not recommend that you uninstall any security update. <br /><br /><br /><br /></li><li>You cannot use the <strong>/quiet</strong> and <strong>/forcerestart</strong> switches in combination when you install this update. </li><li>After you install this security update, the <strong>Remote Desktop Gateway</strong> service may not restart automatically. When you try to use the Remote Desktop client to create a remote desktop session, you may receive an error message that resembles the following:<br /><br /><br /><div> <br />Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.<br /></div><br /> <br /><br /><br /><br />If you have any Remote Desktop Services applications that are published by using any UAG trunk, you must manually restart the service by using the <strong>Services </strong>console. </li><li>If you install this security update on the original RTM version of Forefront Unified Access Gateway, and then you apply Forefront Unified Access Gateway Update 1 or Forefront Unified Access Gateway Update 2, you must install this security update again. <br /></li></ul><h3>Additional information about this security update</h3> <br /><br /> <br /><br /> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><br /> <br /><br /><br /><ul><li><div><a href=“https://support.microsoft.com/en-us/help/2433584”>2433584 </a> MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 1: November 9, 2010</div></li><li><div><a href=“https://support.microsoft.com/en-us/help/2433585”>2433585 </a> MS10-089: Description of the security update for Forefront Unified Access Gateway 2010: November 9, 2010</div></li><li><div><a href=“https://support.microsoft.com/en-us/help/2418933”>2418933 </a> MS10-089: Description of the security update for Forefront Unified Access Gateway 2010 Update 2: November 9, 2010</div></li></ul></div></body></html>