Microsoft ForeFront ExcelTable Data Cross-Site Scripting (MS11-079)

Check Point Reference: CPAI-2011-122
Date Published:
Severity:
Source: Microsoft Security Bulletin MS11-079
Industry Reference(s): CVE-2011-1896
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Microsoft Forefront Unified Access Gateway 2010
Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
Microsoft Forefront Unified Access Gateway 2010 Update 1
Microsoft Forefront Unified Access Gateway 2010 Update 2
Vulnerability Description
An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway (UAG) server.
Update/Patch Available
MS11-079
Vulnerability Details
The vulnerability is due to a defect in Forefront Unified Access Gateway (UAG) that allows content to be reflected back to the user. A remote attacker may exploit this vulnerability by enticing a target UAG user to click on a link containing a malicious script. Successful exploitation may result in potentially sensitive information being disclosed to an unprivileged user.

Protection Overview
The protection blocks HTTP access requests to the Unified Access Gateway whose CGI parameters contain JavaScript reserved characters.
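
The check described above, sketched as an added example (not Check Point's signature and not code from this advisory): it percent-decodes each query parameter, following double encoding, and reports parameters that contain characters from a reserved set. The character set, the path and the parameter names are assumptions, and the request targets are constructed.

```python
from urllib.parse import urlsplit, unquote_plus

# Assumption: the advisory does not list the "JavaScript reserved characters";
# this set is a common choice when filtering reflected input.
SUSPECT_CHARS = set("<>\"'();")
MAX_DECODE_ROUNDS = 3  # follow double/triple percent-encoding


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(request_target: str) -> dict:
    """Return {parameter name: sorted suspect characters} for one request target."""
    query = urlsplit(request_target).query
    findings = {}
    for pair in query.split("&"):
        if not pair:
            continue
        raw_name, _, raw_value = pair.partition("=")
        name, value = fully_decode(raw_name), fully_decode(raw_value)
        hits = SUSPECT_CHARS & set(name + value)
        if hits:
            findings[name] = sorted(hits)
    return findings


def scan(targets):
    """Return (target, findings) for every target a filter of this kind would block."""
    results = [(t, suspicious_params(t)) for t in targets]
    return [(t, f) for t, f in results if f]


# Constructed request targets; path and parameter names are hypothetical.
SAMPLE_TARGETS = [
    "/portal/page.asp?view=summary&row=12",            # clean
    "/portal/page.asp?view=%3Cb%3Etest%3C/b%3E",       # encoded markup
    "/portal/page.asp?view=%253Cb%253Etest&row=x%22%29%3B",  # double-encoded
]

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_TARGETS):
        print("BLOCK", target, findings)
```

Decoding before matching matters here: a filter that inspects only the raw query string would pass the third sample, which contains no literal reserved character in its `view` parameter until it is decoded twice.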

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 NGX R65 & IPS-1

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the XSS Attacks protection group.
3. Click Microsoft ForeFront ExcelTable Table Data Cross-Site Scripting (MS11-079).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: XSS Attacks
Description: Microsoft ForeFront ExcelTable Table Data Cross-Site Scripting (MS11-079)