
Symptoms

This article describes a hotfix that resolves an issue in which unauthorized scripts can run on Microsoft BitLocker Administration and Monitoring (MBAM) webpages. Before you install the update, a script from a user (user A) can run on the computer of another user (user B). The script can run when user B views the MBAM hardware management webpage. The script can change the webpage. Or, the script can let user A perform actions in user B’s web browser.

Cause

This issue occurs because the MBAM hardware management webpage does not encode information before it is displayed on the webpage.

Resolution

Method 1

To resolve this issue, we recommend that you upgrade to MBAM 2.0 or a later version. For more information, go to the following Microsoft website:

Microsoft Desktop Optimization Pack home page

Method 2

To resolve this issue, replace the hardware management webpage (Hardware.aspx) on the MBAM HelpDesk webpage by using a safe version of the Hardware.aspx file. To do this, follow these steps:

  1. Download the package from the following Microsoft website:
    Download the package now.

  2. In the .zip file package, extract the Hardware.aspx file that corresponds to the version of MBAM that is installed.

    MBAM version       Fixed webpage
    MBAM 1.0.1237.1    MBAM 1.0\Hardware.aspx
    MBAM 1.0.2001.1    MBAM 1.0R1\Hardware.aspx

  3. Locate the installation location of the MBAM HelpDesk website. To do this, use one of the following methods:

    • Locate the path of the website in the following Internet Information Services (IIS) root folder. This is the default location of the website:
      C:\inetpub\Malta BitLocker Management Solution\Help Desk Website

    • If the path of the website is not set, use the following registry key to locate the website installation location:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft BitLocker Administration and Monitoring\Setup\WebsiteInstallPath

  4. Create a copy of the Hardware.aspx file in the MBAM HelpDesk website directory. Then, save the copy to a directory that is not related to the website. For example, save the copy on the desktop.

  5. Replace the Hardware.aspx file in the MBAM HelpDesk website directory by using the Hardware.aspx file that you extracted.
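
Steps 3 through 5 as a PowerShell script, run elevated on the MBAM HelpDesk web server. This is an added example, not part of the Microsoft package; `$FixedPage` and `$BackupDir` are hypothetical parameter names. It assumes PowerShell 4.0 or later, that WebsiteInstallPath is a value under the Setup key, and that exactly one Hardware.aspx exists under the website folder.

```powershell
# Added example: automates steps 3-5 (locate the site, back up, replace, verify).
param(
    # Hypothetical parameter: the Hardware.aspx extracted in step 2 for the installed MBAM version.
    [Parameter(Mandatory = $true)] [string] $FixedPage,
    # Assumed backup location outside the website directory (step 4).
    [string] $BackupDir = (Join-Path $env:USERPROFILE 'Desktop\MBAM-Hardware-backup')
)
$ErrorActionPreference = 'Stop'

# Step 3: try the default IIS location, then the registry location named in the article.
$siteRoot = 'C:\inetpub\Malta BitLocker Management Solution\Help Desk Website'
if (-not (Test-Path -LiteralPath $siteRoot)) {
    $setupKey = 'HKLM:\SOFTWARE\Microsoft\Microsoft BitLocker Administration and Monitoring\Setup'
    # Assumption: WebsiteInstallPath is a value stored under the Setup key.
    $siteRoot = (Get-ItemProperty -LiteralPath $setupKey -Name WebsiteInstallPath).WebsiteInstallPath
}
if (-not $siteRoot -or -not (Test-Path -LiteralPath $siteRoot)) {
    throw 'MBAM HelpDesk website folder not found.'
}

# Find the deployed page and refuse to guess if there is not exactly one.
$targets = @(Get-ChildItem -LiteralPath $siteRoot -Filter 'Hardware.aspx' -Recurse -File)
if ($targets.Count -ne 1) {
    throw "Expected one Hardware.aspx under '$siteRoot', found $($targets.Count)."
}
$target = $targets[0].FullName

# Step 4: keep a timestamped copy of the current page outside the website, and check it.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backup = Join-Path $BackupDir ('Hardware.aspx.{0:yyyyMMdd-HHmmss}.bak' -f (Get-Date))
Copy-Item -LiteralPath $target -Destination $backup
if ((Get-FileHash -LiteralPath $backup).Hash -ne (Get-FileHash -LiteralPath $target).Hash) {
    throw 'Backup does not match the original page; nothing was replaced.'
}

# Step 5: replace the page and confirm the deployed file is the fixed one.
Copy-Item -LiteralPath $FixedPage -Destination $target -Force
if ((Get-FileHash -LiteralPath $target).Hash -ne (Get-FileHash -LiteralPath $FixedPage).Hash) {
    throw "Deployed page differs from '$FixedPage'; restore from '$backup'."
}
Write-Output "Replaced '$target'. Previous version saved to '$backup'."
```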

Prerequisites

To apply this update, you must be running MBAM 1.0.

Registry information

To apply this update, you do not have to make any changes to the registry.

Restart requirement

You do not have to restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
