Preventing malicious scripts from being injected into your web portal.
TFS 2015 Update 4 has been a stable "long-tail" version for many enterprises. However, older software is a prime target for vulnerabilities. Microsoft has released several patches—often referred to in documentation as or Update 4.2 —specifically to fix: TFS-Update_4a-pc.zip
Security First: Managing the TFS 2015 Update 4 Patch (TFS-Update_4a-pc.zip) Preventing malicious scripts from being injected into your
Before you unzip TFS-Update_4a-pc.zip and run the installer, ensure you have completed these steps: TFS-Update_4a-pc.zip
Typically, these patches include a tfs2015.4.xpatch.exe . Run this on your Application Tier.
Check the official Microsoft DevOps Blog for the latest patch notes and security advisories. Team Foundation Server 2015 Update 4 Release Notes