MS13-103: Description of the security update for Microsoft Visual Studio Team Foundation Server 2013: December 10, 2013

2013-12-10T00:00:00
ID KB2903566
Type mskb
Reporter Microsoft
Modified 2020-04-16T07:55:15

Description

<html><body><p>Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS13-103. To view the complete security bulletin, go to the following Microsoft website: <ul class="sbody-free_list"><li>IT professionals:<br/><div class="indent"><a href="http://technet.microsoft.com/security/bulletin/ms13-103" id="kb-link-1" target="_self">http://technet.microsoft.com/security/bulletin/MS13-103</a></div></li></ul><h3 class="sbody-h3">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href="https://support.microsoft.com/ph/6527" id="kb-link-2" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href="http://technet.microsoft.com/security/bb980617.aspx" id="kb-link-3" target="_self">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-4" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href="https://support.microsoft.com/common/international.aspx" id="kb-link-5" target="_self">International Support</a><br/><br/></div><h2>More Information</h2><div class="kb-moreinformation-section section"><span>The following file is available for download from the Microsoft Download Center:<br/></span><br/><br/><h4 class="sbody-h4">For Microsoft Visual Studio Team Foundation Server 2013 </h4><span><img alt="Download " class="graphic" src="/library/images/support/kbgraphics/public/en-us/download.gif" title="Download "/><a href="http://www.microsoft.com/download/details.aspx?familyid=4472c330-2cc9-4a53-bf7b-0782b089de78" id="kb-link-6" target="_self">Download the package now.</a></span><br/><br/><span>Release Date: December 10, 2013<br/><br/>For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class="indent"><a href="https://support.microsoft.com/en-us/help/119591" id="kb-link-7">119591 </a> How to obtain Microsoft support files from online services<br/></div>Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.<br/></span></div><h2>FILE INFORMATION</h2><div class="kb-summary-section section">The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/><br/><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">Visual Studio Team Foundation Server 2013 file information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th></tr><tr class="sbody-tr"><td class="sbody-td">Index.aspx</td><td class="sbody-td"></td><td class="sbody-td">2,483</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.AspNet.SignalR.Core.dll</td><td class="sbody-td">1.1.21022.0</td><td class="sbody-td">274,104</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.AspNet.SignalR.Owin.dll</td><td class="sbody-td">1.1.21022.0</td><td class="sbody-td">68,280</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.AspNet.SignalR.SystemWeb.dll</td><td class="sbody-td">1.1.21022.0</td><td class="sbody-td">17,592</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.TeamFoundation.Chat.Server.dll</td><td class="sbody-td">12.0.21106.0</td><td class="sbody-td">153,360</td><td class="sbody-td">07-Nov-2013</td><td class="sbody-td">10:36</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.TeamFoundation.Server.WebAccess.dll</td><td class="sbody-td">12.0.21106.0</td><td class="sbody-td">585,000</td><td class="sbody-td">07-Nov-2013</td><td class="sbody-td">11:03</td></tr><tr class="sbody-tr"><td class="sbody-td">jquery.signalR-1.1.4.js</td><td class="sbody-td"></td><td class="sbody-td">106,365</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">jquery.signalR-1.1.4.min.js</td><td class="sbody-td"></td><td class="sbody-td">38,744</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr></table></div></div><br/></span></div></div></div></div></body></html>