Risk
4/30/2010
08:49 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Microsoft Issues Workaround For Serious SharePoint Vulnerability

While not a complete patch, the software maker has issued guidance detailing how to mitigate a serious vulnerability that places corporate data at-risk to snooping and theft.

While not a complete patch, the software maker has issued guidance detailing how to mitigate a serious vulnerability that places corporate data at-risk to snooping and theft.On Thursday, the Swiss security company High-Tech Bridge published a security note that detailed a cross-site scripting vulnerability in SharePoint 2007, which makes it possible for attackers to insert and execute JavaScript code of their choice on a system through a browser. The security firm also published proof-of-concept code that demonstrates the vulnerability - so expect attacks to quickly follow.

Because SharePoint servers are used for internal corporate collaboration, they make an ideal target for anyone trying to gain entry to sensitive information.

Today, Microsoft provided a short-term work-around that requires running a number of commands from the command prompt to shut down access to the at-risk part of the system. More detail on the work-around is available here.

On the company's Security, Research and Defense blog, they described the most likely way the vulnerability would be attacked:

The most likely attack scenario, then, is that an attacker sends a malicious link to a user who is logged into their Sharepoint server. If the user clicks the link, the javascript created by the attacker and embedded in the link would execute in the context of the user who clicked the link.

Best advice: apply the workaround, and hope that Microsoft is able to provide a patch for this issue by within month's scheduled patch update, May 11.

For security and technology updates throughout the day, follow me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Listen Now Incident Response War Gaming: Practicing the Post-Breach Panicking
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?