Severity Rating: Important
Revision Note: V1.0 (September 11, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
More...
Revision Note: V1.0 (September 11, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
More...
