Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege - Version: 1.4


Extraordinary Robot
News Feed
Severity Rating: Important
Revision Note: V1.4 (January 15, 2014): Bulletin revised to announce a detection change in update 2687356 (a.k.a. 2687442). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Note that update 2687356 is offered through Microsoft Update as update 2687442.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Continue reading...

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.