Security Update for Unified Access Gateway 2010 with Update 2 (KB2418933)
Vulnerabilities in Forefront Unified Access Gateway could Cause Cross Site Scripting Resulting in Elevation of Privilege
- This security update resolves four privately reported vulnerabilities in Forefront Unified Access Gateway 2010 (UAG). The most severe of these vulnerabilities could allow elevation of privilege if a user visits an affected Web site using a specially crafted URL. An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
Here are the cases with the severity rating:
UAG Redirection Issue May Allow Phishing Vulnerability - CVE-2010-2732 (Important - Spoofing)
UAG XSS Allows EOP Vulnerability - CVE-2010-2733 (Important - Elevation of Privilege)
XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability - CVE-2010-2734 (Important - Elevation of Privilege)
XSS in Sginurl.asp Vulnerability - CVE-2010-3936 (Important - Elevation of Privilege)
This download is no longer available on microsoft.com. The downloads below are archives provided by the Internet Archive Wayback Machine from the Microsoft Download Center prior to August 2020.
Operating Systems: Windows Server 2008 R2
- Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems.
- 1. For the file you want to download, click the Download button on this page.
2. Click Save to download to your computer.