Ruggero Strabla

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2008 Gold Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 R2 SP1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. The exploitation of this vulnerability can enable a remote attacker to perform cross-site scripting attacks. **Recommendations** For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2008 Gold, apply the necessary patch or update to resolve the vulnerability. For Microsoft Windows Server 2008 SP2, install the relevant security update to mitigate the risk. For Microsoft Windows Server 2008 R2, apply the appropriate fix or patch to address the issue. For Microsoft Windows Server 2008 R2 SP1, update to a newer version that includes the resolution for this vulnerability.