Intrusion Prevention

MS.Windows.AD.Certificate.Service.XSS

Description

This indicates a possible attack against an XSS (Cross Site Scripting) vulnerability in Microsoft Windows Active Directory Certificate Service.

Affected Products

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the patch, available from the vendor's website:
http://www.microsoft.com/technet/security/Bulletin/MS11-051.mspx

CVE References

CVE-2011-1264