Extracted from the original post
“** Updated 9/27/2010 7:20PM ** – Updated with Out of Band Security Update announcement details.
** Updated 9/24/2010 4:30PM ** – Updated with additional defensive workaround published by the ASP.NET team valid for ALL affected versions of SharePoint listed below.
** Updated 9/22/2010 10:40AM ** – Updated verification step for SharePoint Server 2007 and Windows SharePoint Services 3.0 and added an exception in the workaround for Windows SharePoint Services 2.0 running under ASP.NET 1.1.
** Updated 9/21/2010 11:05PM ** – Updated with workaround for SharePoint Server 2007 and Windows SharePoint Services 3.0 and updated SharePoint 2010 workaround.
** Updated 9/21/2010 3:06PM ** – Included details for previous releases and workaround for WSS 2.0.
Update: Out of Band Release to address Microsoft Security Advisory 2416728 announcement. See this post for details.
Update: Please note the additional workaround published 9/24/2010 4:40PM. The original security advisoryhas been updated this afternoon to include additional defensive measures (Installing and enabling UrlScan or configuring IIS request filtering). Please read the workarounds section of the security advisory and the update postedhere for full details. This extra step is applicable for ALL versions of SharePoint affected by this issue.
Update: Please note the important change from the 9/21/2010 3:06PM update to this blog post. We originally stated that SharePoint Server 2007 and Windows SharePoint Services 3.0 did not require the workaround to be applied, however, we have recently discovered through testing that a variant of the issue does affect SharePoint Server 2007 and Windows SharePoint Services 3.0 and also requires extra steps in the workaround for SharePoint Server 2010 (Steps 5-9). Customers with these versions should refer to the relevant workaround below. We will continue to keep this post updated with the latest guidance.
We recently released a Microsoft Security Advisory for a vulnerability affecting ASP.NET. This post documents recommended workarounds for the following SharePoint products:
SharePoint 2010
SharePoint Foundation 2010
Microsoft Office SharePoint Server 2007
Windows SharePoint Services 3.0
Windows SharePoint Services 2.0
”
For complete post, click here.
No comments:
Post a Comment