diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Apr302010

Microsoft patches cross-site scripting (XSS) vulnerability in SharePoint via Security Advisory 983438

Microsoft issued a “Security Advisory 983438,” addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients, as the Internet Explorer 8 XSS filter helps to mitigate the issue in the internet zone. We are not aware of any active attacks at this time. “Customers running SharePoint Server 2007 or SharePoint Services 3.0 are encouraged to review and apply the mitigations and workarounds discussed in the Security Advisory. These include restricting access to the SharePoint help.aspx XML files and enabling the Internet Explorer 8 XSS filter in the intranet zone,” noted Microsoft.

More info: Microsoft Security Advisory (983438) | Workaround

[Source]

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!