A Practical Guide to SharePoint 2013

A Practical Guide to SharePoint 2013 - Book by Saifullah Shafiq

Wednesday, September 21, 2011

Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint (Via SharePoint blog team)

Extracted from the original post

“** Updated 9/27/2010 7:20PM ** – Updated with Out of Band Security Update announcement details.
** Updated 9/24/2010 4:30PM ** – Updated with additional defensive workaround published by the ASP.NET team valid for ALL affected versions of SharePoint listed below.
** Updated 9/22/2010 10:40AM ** – Updated verification step for SharePoint Server 2007 and Windows SharePoint Services 3.0 and added an exception in the workaround for Windows SharePoint Services 2.0 running under ASP.NET 1.1.
** Updated 9/21/2010 11:05PM ** – Updated with workaround for SharePoint Server 2007 and Windows SharePoint Services 3.0 and updated SharePoint 2010 workaround.
** Updated 9/21/2010 3:06PM ** – Included details for previous releases and workaround for WSS 2.0.

Update: Out of Band Release to address Microsoft Security Advisory 2416728 announcement. See this post for details.

Update: Please note the additional workaround published 9/24/2010 4:40PM. The original security advisory has been updated this afternoon to include additional defensive measures (Installing and enabling UrlScan or configuring IIS request filtering). Please read the workarounds section of the security advisory and the update posted here for full details. This extra step is applicable for ALL versions of SharePoint affected by this issue.

Update: Please note the important change from the 9/21/2010 3:06PM update to this blog post. We originally stated that SharePoint Server 2007 and Windows SharePoint Services 3.0 did not require the workaround to be applied, however, we have recently discovered through testing that a variant of the issue does affect SharePoint Server 2007 and Windows SharePoint Services 3.0 and also requires extra steps in the workaround for SharePoint Server 2010 (Steps 5-9). Customers with these versions should refer to the relevant workaround below. We will continue to keep this post updated with the latest guidance.

We recently released a Microsoft Security Advisory for a vulnerability affecting ASP.NET. This post documents recommended workarounds for the following SharePoint products:

SharePoint 2010

SharePoint Foundation 2010

Microsoft Office SharePoint Server 2007

Windows SharePoint Services 3.0

Windows SharePoint Services 2.0

For complete post, click here.