UPDATE 09/28/10: Check out new security bulletin to download updates http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
You may have already read these articles. If not, please do it right now.
http://www.microsoft.com/technet/security/advisory/2416728.mspx
http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx
I will not repeat the message in those posts, but you should follow the instructions to prevent potential attacks.
So how about SharePoint Server 2007 and WSS 3.0? It’s not on SharePoint Team Blog (yet).
You may need to follow the workaround for ASP.Net 1.0~3.5:
Update: 2007/WSS3 is not vulnerable to the attack. No workaround is needed right now, but you still need to apply the fix when it come out.
Please follow the updated SP team blog post for 2007 issue:
How to validate? Can I type in some non-existing pages to test if web.config changes work on SharePoint?
The answer would be no. When you try to access a non-existing page on a SharePoint site with a modified web.config you will still have 404 codes. But SharePoint has its own custom error handler to generate those 404s for non-existing pages, which will not be able to be used directly by the attack. The workaround will be able to prevent error codes from being generated by accessing certain ASP.Net resources, and it would work if you followed the steps correctly.
Just remember, the ultimate solution is the upcoming ASP.Net fix. This workaround is just temporary, get you protection before the patch is released. Once it’s released, apply the fix and then restore your web.config to the original ones.
Jie
That's odd. Doesn't SP2010 also have custom error handler.
I'm surprised but releaved that SP2007 is not vulnerable. I still don't fully understand why it's not.
Just got updated from our security folks - there's a chance for 2007 to be attacked, please follow the updated post on SharePoint team blog to implement the workaround.
http://www.deecoup.com
Secure Software Development Application
I would like to thank you for the efforts you have made in writing this post.
<a href="marialist.com/.../946_find_classified_like_Craigslist_Memphis.html">Craigslist Memphis</a>
I want to get some <a href="www.facebookstatus123.com/.../hilarious-facebook-status">hilarious facebook status</a> great experience this summer. if so, be sure to explain that. Your cover letter will make a difference in getting the internship
Very helpful post. Very clear commentary and suggested phrasing are most impressive, as are his and your generosity in sharing this explanation and example.
www.testbells.com/646-364.html
I Didnot got what u said....
www.getfacebookbanners.com for more..
Hello I Really Like Your Post. For Those Who Enjoy Statuses On Facebook, We're Just Trying To Make New Status And You Can Also Get Latest Statuses From <a href="www.123status.com/">Facebook Status</a>.
Hello
No doubt you upload a great article for readers. I really appropriate, Please keep sharing informative stuff.
Regard
http://www.mystatuses.com/
Thanks For Giving Us Such Wonderful Knowledge. Lots of Facebook Status ideas to make your facebook wall more interesting. These Facebook Statuses can be updated on your wall within few clicks from http://www.123status.com/.
I want to implement the same technique for my site too at http://ifacebookstatus.com/
The latest vulnerabilities in Microsoft SharePoint that I read was about allowing elevation of privilege. According to technet, the affected programs are Microsoft SharePoint Server 2010 and Microsoft SharePoint Server 2010 Service Pack 1.
Thanks,
Arun
http://arunsan.com
i found a site witch increase your facebook profile
www.facebook-status123.com