Last night Microsoft released a security update for UAG that fixes vulnerabilities in all of the current releases of UAG including the RTM
, Update 1
and Update 2
According to Security Bulletin MS10-089
, this Hotfix addresses 4 vulnerabilities, including a potential "URL Spoofing" or URL Redirection risk which would be apply to you if you use application publishing through UAG, such as OWA.
I personally recomend that you make sure you have already installed Update 2 and then apply this update. why? If you apply this to RTM and then install U1 or U2 then you will need to install this Hotfix again, so you may as well get it all done in one shot and in the right order.
: UAG Update 2 (in case you haven't installed it yet)
: Security Update for Unified Access Gateway 2010 with Update 2
Just like the other updates for UAG, you must run this from an elevated command prompt (don't just double click it).
Once you have installed the update you will need to reactivate your UAG Configuration. Also, according to KB2316074
, the Remote Desktop Gateway service might not restart automatically and you may need to manually kick it up.