Wednesday, September 21, 2011

ASP.Net Vulnerability and SharePoint (Via Jie Li)

Extracted

I will not repeat the message in those posts, but you should follow the instructions to prevent potential attacks.

So how about SharePoint Server 2007 and WSS 3.0? It’s not on SharePoint Team Blog (yet).

You may need to follow the workaround for ASP.Net 1.0~3.5:

  • Put error.html in %CommonProgramFiles%\Microsoft Shared\Web Server Extensions\12\template\layouts
  • Modify web.config in each directory under %SystemDrive%\inetpub\wwwroot\wss\virtualdirectories to have a customerror section like this:
  • IISRESET /NOFORCE

Update: 2007/WSS3 is not vulnerable to the attack. No workaround is needed right now, but you still need to apply the fix when it come out.

Please follow the updated SP team blog post for 2007 issue:

For further details click here.


No comments:

Post a Comment