Microsoft Team Foundation Server Remote Code Execution Vulnerability

Published On: Dec 06, 2018 13:28

Advisory No: TZCERT/SA/2018/12/05

Source: Microsoft

Software Affected: Team Foundation Server 2018 Update 1.1 Team Foundation Server 2018 Update 3 Team Foundation Server 2018 Update 3.1 Team Foundation Server 2017 Update 3.1

Overview

Multiple vulnerabilities have been identified in Microsoft Team Foundation Server that could allow a remote unauthorized execution of arbitrary code that may result into compromise of potentially sensitive information on the targeted system.

Description

Advisory No: TZCERT/SA/2018/12/05 Date of First Release: 6 December 2018 Source: Microsoft Software Affected:

  1. Team Foundation Server 2018 Update 1.1
  2. Team Foundation Server 2018 Update 3
  3. Team Foundation Server 2018 Update 3.1
  4. Team Foundation Server 2017 Update 3.1
Overview: Multiple vulnerabilities have been identified in Microsoft Team Foundation Server that could allow a remote unauthorized execution of arbitrary code that may result into compromise of potentially sensitive information on the targeted system. Description: Microsoft Team Foundation Server (TFS) has been reported to vulnerable to a remote code execution and Cross-site Scripting (CSS) vulnerabilities. The remote code execution vulnerability is a result of disabling basic authorization on the communication between the Team Foundation Server (TFS) and the search services. Whereas, the Cross-site scripting vulnerability is caused by improper handling of user input into the Team Foundation Server (TFS). An authenticated remote access exploit can exploit these vulnerabilities by sending a specially crafted payload to the Team Foundation Server, which can be executed on user’s behalf upon visiting the compromised page. Impacts: Successful exploitation of the remote code execution vulnerability could allow remote unauthorized access to bypass authorization to run certain commands on the Search service to execute arbitrary code with the privileges of the user. The cross-site scripting vulnerability could allow unauthorized access to perform cross-site scripting attacks on affected systems. Exploitation of these vulnerabilities could allow take off control of the affected system. Solution: Users and administrators are urged to review security updates guide available on Microsoft web portal to fix the vulnerabilities. Reference:
  1. https://portal.msrc.microsoft.com/en-US/security-guidance
  2. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018 - -8529
  3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018 - -8602
  4. https://www.securityfocus.com/bid/105910/info

Impact

Solution

Users and administrators are urged to review security updates guide available on Microsoft web portal to fix the vulnerabilities.

References

Subscribe To TZ - CERT Newsletter

A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.

Subscribe
Report Incident