MS13-103: Description of the security update for Microsoft Visual Studio Team Foundation Server 2013: December 10, 2013
2013-12-10T00:00:00
ID KB2903566 Type mskb Reporter Microsoft Modified 2020-04-16T07:55:15
Description
<html><body><p>Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS13-103. To view the complete security bulletin, go to the following Microsoft website: <ul class="sbody-free_list"><li>IT professionals:<br/><div class="indent"><a href="http://technet.microsoft.com/security/bulletin/ms13-103" id="kb-link-1" target="_self">http://technet.microsoft.com/security/bulletin/MS13-103</a></div></li></ul><h3 class="sbody-h3">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href="https://support.microsoft.com/ph/6527" id="kb-link-2" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href="http://technet.microsoft.com/security/bb980617.aspx" id="kb-link-3" target="_self">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-4" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href="https://support.microsoft.com/common/international.aspx" id="kb-link-5" target="_self">International Support</a><br/><br/></div><h2>More Information</h2><div class="kb-moreinformation-section section"><span>The following file is available for download from the Microsoft Download Center:<br/></span><br/><br/><h4 class="sbody-h4">For Microsoft Visual Studio Team Foundation Server 2013 </h4><span><img alt="Download " class="graphic" src="/library/images/support/kbgraphics/public/en-us/download.gif" title="Download "/><a href="http://www.microsoft.com/download/details.aspx?familyid=4472c330-2cc9-4a53-bf7b-0782b089de78" id="kb-link-6" target="_self">Download the package now.</a></span><br/><br/><span>Release Date: December 10, 2013<br/><br/>For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class="indent"><a href="https://support.microsoft.com/en-us/help/119591" id="kb-link-7">119591 </a> How to obtain Microsoft support files from online services<br/></div>Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.<br/></span></div><h2>FILE INFORMATION</h2><div class="kb-summary-section section">The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/><br/><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">Visual Studio Team Foundation Server 2013 file information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">File version</th><th class="sbody-th">File size</th><th class="sbody-th">Date</th><th class="sbody-th">Time</th></tr><tr class="sbody-tr"><td class="sbody-td">Index.aspx</td><td class="sbody-td"></td><td class="sbody-td">2,483</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.AspNet.SignalR.Core.dll</td><td class="sbody-td">1.1.21022.0</td><td class="sbody-td">274,104</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.AspNet.SignalR.Owin.dll</td><td class="sbody-td">1.1.21022.0</td><td class="sbody-td">68,280</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.AspNet.SignalR.SystemWeb.dll</td><td class="sbody-td">1.1.21022.0</td><td class="sbody-td">17,592</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.TeamFoundation.Chat.Server.dll</td><td class="sbody-td">12.0.21106.0</td><td class="sbody-td">153,360</td><td class="sbody-td">07-Nov-2013</td><td class="sbody-td">10:36</td></tr><tr class="sbody-tr"><td class="sbody-td">Microsoft.TeamFoundation.Server.WebAccess.dll</td><td class="sbody-td">12.0.21106.0</td><td class="sbody-td">585,000</td><td class="sbody-td">07-Nov-2013</td><td class="sbody-td">11:03</td></tr><tr class="sbody-tr"><td class="sbody-td">jquery.signalR-1.1.4.js</td><td class="sbody-td"></td><td class="sbody-td">106,365</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr><tr class="sbody-tr"><td class="sbody-td">jquery.signalR-1.1.4.min.js</td><td class="sbody-td"></td><td class="sbody-td">38,744</td><td class="sbody-td">08-Nov-2013</td><td class="sbody-td">01:25</td></tr></table></div></div><br/></span></div></div></div></div></body></html>
{"id": "KB2903566", "bulletinFamily": "microsoft", "title": "MS13-103: Description of the security update for Microsoft Visual Studio Team Foundation Server 2013: December 10, 2013", "description": "<html><body><p>Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS13-103. To view the complete security bulletin, go to\u00a0the following Microsoft website:\u00a0<ul class=\"sbody-free_list\"><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms13-103\" id=\"kb-link-1\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-103</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-2\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-3\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer from viruses and malware: <a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-4\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-5\" target=\"_self\">International Support</a><br/><br/></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><span>The following file is available for download from the Microsoft Download Center:<br/></span><br/><br/><h4 class=\"sbody-h4\">For Microsoft Visual Studio Team Foundation Server 2013 </h4><span><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"http://www.microsoft.com/download/details.aspx?familyid=4472c330-2cc9-4a53-bf7b-0782b089de78\" id=\"kb-link-6\" target=\"_self\">Download the package now.</a></span><br/><br/><span>Release Date: December 10, 2013<br/><br/>For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:<br/><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/119591\" id=\"kb-link-7\">119591 </a> How to obtain Microsoft support files from online services<br/></div>Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.<br/></span></div><h2>FILE INFORMATION</h2><div class=\"kb-summary-section section\">The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.<br/><br/><br/><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">Visual Studio Team Foundation Server 2013 file information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">File version</th><th class=\"sbody-th\">File size</th><th class=\"sbody-th\">Date</th><th class=\"sbody-th\">Time</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Index.aspx</td><td class=\"sbody-td\"></td><td class=\"sbody-td\">2,483</td><td class=\"sbody-td\">08-Nov-2013</td><td class=\"sbody-td\">01:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Microsoft.AspNet.SignalR.Core.dll</td><td class=\"sbody-td\">1.1.21022.0</td><td class=\"sbody-td\">274,104</td><td class=\"sbody-td\">08-Nov-2013</td><td class=\"sbody-td\">01:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Microsoft.AspNet.SignalR.Owin.dll</td><td class=\"sbody-td\">1.1.21022.0</td><td class=\"sbody-td\">68,280</td><td class=\"sbody-td\">08-Nov-2013</td><td class=\"sbody-td\">01:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Microsoft.AspNet.SignalR.SystemWeb.dll</td><td class=\"sbody-td\">1.1.21022.0</td><td class=\"sbody-td\">17,592</td><td class=\"sbody-td\">08-Nov-2013</td><td class=\"sbody-td\">01:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Microsoft.TeamFoundation.Chat.Server.dll</td><td class=\"sbody-td\">12.0.21106.0</td><td class=\"sbody-td\">153,360</td><td class=\"sbody-td\">07-Nov-2013</td><td class=\"sbody-td\">10:36</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">Microsoft.TeamFoundation.Server.WebAccess.dll</td><td class=\"sbody-td\">12.0.21106.0</td><td class=\"sbody-td\">585,000</td><td class=\"sbody-td\">07-Nov-2013</td><td class=\"sbody-td\">11:03</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">jquery.signalR-1.1.4.js</td><td class=\"sbody-td\"></td><td class=\"sbody-td\">106,365</td><td class=\"sbody-td\">08-Nov-2013</td><td class=\"sbody-td\">01:25</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">jquery.signalR-1.1.4.min.js</td><td class=\"sbody-td\"></td><td class=\"sbody-td\">38,744</td><td class=\"sbody-td\">08-Nov-2013</td><td class=\"sbody-td\">01:25</td></tr></table></div></div><br/></span></div></div></div></div></body></html>", "published": "2013-12-10T00:00:00", "modified": "2020-04-16T07:55:15", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://support.microsoft.com/en-us/help/2903566/", "reporter": "Microsoft", "references": [], "cvelist": [], "type": "mskb", "lastseen": "2021-01-01T22:36:19", "edition": 4, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "msupdate", "idList": ["MS:34F278E4-2E5C-4FD5-8E32-AAFD56CD06B8"]}, {"type": "mskb", "idList": ["KB2905244"]}], "modified": "2021-01-01T22:36:19", "rev": 2}, "score": {"value": -0.6, "vector": "NONE", "modified": "2021-01-01T22:36:19", "rev": 2}, "vulnersScore": -0.6}, "kb": "KB2903566", "msrc": "MS13-103", "mscve": "", "msfamily": "", "msplatform": "", "msproducts": ["17641"], "supportAreaPaths": ["a21b6a7e-9507-2cbc-0bb6-9d01ea6dc372"], "supportAreaPathNodes": [{"id": "a21b6a7e-9507-2cbc-0bb6-9d01ea6dc372", "name": "TFS 2013", "parent": "dc75963b-7ebd-5102-77bd-d7030bd830bd", "tree": [], "type": "productversion"}], "primarySupportAreaPath": [{"id": "a21b6a7e-9507-2cbc-0bb6-9d01ea6dc372", "name": "TFS 2013", "parent": "dc75963b-7ebd-5102-77bd-d7030bd830bd", "tree": [], "type": "productversion"}, {"id": "dc75963b-7ebd-5102-77bd-d7030bd830bd", "name": "Team Foundation Server 2013", "parent": "4fd4947b-15ea-ce01-080f-97f2ca3c76e8", "tree": [], "type": "productname"}, {"id": "4fd4947b-15ea-ce01-080f-97f2ca3c76e8", "name": "Developer Tools", "tree": [], "type": "productfamily"}], "superseeds": [], "parentseeds": [], "msimpact": "", "msseverity": "", "scheme": null}
{"msupdate": [{"lastseen": "2019-07-31T19:29:38", "bulletinFamily": "microsoft", "cvelist": [], "description": "This security update resolves a privately reported vulnerability in TFS 2013 web access. The vulnerability could allow java script to be executed on a vulnerable browser if an attacker sends a specially crafted message.", "edition": 1, "modified": "2013-12-10T18:00:00", "id": "MS:34F278E4-2E5C-4FD5-8E32-AAFD56CD06B8", "href": "https://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=34f278e4-2e5c-4fd5-8e32-aafd56cd06b8", "published": "2013-12-10T18:00:00", "title": "Security Update for Microsoft Visual Studio Team Foundation Server 2013 (KB2903566)", "type": "msupdate", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2021-01-01T22:49:01", "bulletinFamily": "microsoft", "cvelist": ["CVE-2013-5042"], "description": "<html><body><p>Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.</p><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS13-103. To view the complete security bulletin, visit one of the following Microsoft websites:<br/><ul class=\"sbody-free_list\"><li>Home users:<br/><div class=\"indent\"><a href=\"http://www.microsoft.com/security/pc-security/updates.aspx\" id=\"kb-link-1\" target=\"_self\">http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class=\"text-base\">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class=\"indent\"><a href=\"http://update.microsoft.com/microsoftupdate/\" id=\"kb-link-2\" target=\"_self\">http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class=\"indent\"><a href=\"http://technet.microsoft.com/security/bulletin/ms13-103\" id=\"kb-link-3\" target=\"_self\">http://technet.microsoft.com/security/bulletin/MS13-103</a></div></li></ul><h3 class=\"sbody-h3\">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href=\"https://support.microsoft.com/ph/6527\" id=\"kb-link-4\" target=\"_self\">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href=\"http://technet.microsoft.com/security/bb980617.aspx\" id=\"kb-link-5\" target=\"_self\">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your computer that is running Windows from viruses and malware:<br/><a href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-6\" target=\"_self\">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href=\"https://support.microsoft.com/common/international.aspx\" id=\"kb-link-7\" target=\"_self\">International Support</a><br/><br/></div><h2>More Information</h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><ul class=\"sbody-free_list\"><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2903566\" id=\"kb-link-8\">2903566 </a> MS13-103: Description of the security update for Microsoft Visual Studio Team Foundation Server 2013: December 10, 2013</div></li><li><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/2903919\" id=\"kb-link-9\">2903919 </a>\u00a0MS13-103: Description of the security update for ASP.NET SignalR: December 10, 2013</div></li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\"><span class=\"bold btn-link\">File hash information</span></span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><span><div class=\"kb-collapsible kb-collapsible-collapsed\"><div class=\"table-responsive\"><table class=\"sbody-table table\"><tr class=\"sbody-tr\"><th class=\"sbody-th\">File name</th><th class=\"sbody-th\">SHA1 hash</th><th class=\"sbody-th\">SHA256 hash</th></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">SignalR-KB2903919.msi</td><td class=\"sbody-td\">C719B287996A0FF3F26AC146621F2E394914CA43</td><td class=\"sbody-td\">D7C1BDA20A6569DE2D2BC69996957E69209C05E5450A801180905898D0279AD3</td></tr><tr class=\"sbody-tr\"><td class=\"sbody-td\">TFS2013-KB2903566.exe</td><td class=\"sbody-td\">CD8CF9E017607E3486BB7244F496167D6D7C42FB</td><td class=\"sbody-td\">36965DF098B23F3DF275060D4F2D838943C93C95027F224BD47A5AC6F7A63E6D</td></tr></table></div></div><br/></span></div></div></div></div><h2>Applies to</h2><div class=\"kb-summary-section section\"><ul class=\"sbody-free_list\"><li>ASP.NET SignalR 1.1.x\u00a0</li><li>ASP.NET SignalR 2.0.x\u00a0</li><li>Microsoft Visual Studio Team Foundation Server 2013</li></ul><span class=\"text-base\">Note</span> The ASP.NET SignalR updates apply to Windows-based servers that host web applications that support ASP.NET SignalR functionality.\u00a0These updates are available only for download, and they update versions 1.1.0, 1.1.1, 1.1.2, 1.1.3, and version 2.0.0 to the latest supported versions (1.1.4 and 2.0.1, as of the date of this bulletin).\u00a0See the \"Security Update Deployment\" section of the <a href=\"http://technet.microsoft.com/security/bulletin/ms13-103\" id=\"kb-link-11\" target=\"_self\">security bulletin</a> for more information.\u00a0</div></body></html>", "edition": 2, "modified": "2018-04-17T20:27:02", "id": "KB2905244", "href": "https://support.microsoft.com/en-us/help/2905244/", "published": "2013-12-10T00:00:00", "title": "MS13-103: Vulnerability in ASP.NET SignalR could allow elevation of privilege: December 10, 2013", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
