SharePoint Plagued by Serious XSS Vulnerability, Microsoft Announces
Redmond-based software giant Microsoft has announced that SharePoint Server 2007 and SharePoint Services 3.0 are plagued by a XSS (cross-site scripting) vulnerability. The vulnerability in question could allow Elevation of Privilege (EoP) within the SharePoint site itself. If exploited by a person with malicious intent, the vulnerability could allow that person to run arbitrary script that could result in the elevation of privilege within the SharePoint site.
As Microsoft explained, Internet Explorer 8 (IE8) clients pose less of a risk to servers because IE8’s XSS filer helps mitigate the issue. “Sharepoint uses Http-Only cookies for authentication. HttpOnly cookies are not accessible through script, significantly mitigating the risk of XSS attacks. IE8’s XSS filter is enabled by default in the Internet Zone. The IE8 XSS filter catches this class of XSS attacks so users of IE8 are at the reduced risk from this vulnerability,” explained MRSC Engineering’s Jonathan Ness, David Ross, and Chengyun Chu.
To help mitigate this issue, Microsoft has released Security Advisory 983438, which you can read here. The security advisory presents mitigations and workarounds that all customers running SharePoint Server 2007 or SharePoint Services 3.0 should review and apply.
According to Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant, Microsoft is not aware of any active attacks at the time.
“We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. As always, Microsoft strives to work with security researchers to address vulnerabilities in our software. This helps ensure that customers receive comprehensive, high-quality updates before cyber criminals learn of – and work to exploit – a vulnerability. Responsible disclosure protects the computer ecosystem and individual computer users from harm,” commented Jerry Bryant.
In related security news, you should know that Opera Software recently rolled out Opera 10.53. The update fixes a vulnerability classified by Opera Software as “extremely severe.”
As Microsoft explained, Internet Explorer 8 (IE8) clients pose less of a risk to servers because IE8’s XSS filer helps mitigate the issue. “Sharepoint uses Http-Only cookies for authentication. HttpOnly cookies are not accessible through script, significantly mitigating the risk of XSS attacks. IE8’s XSS filter is enabled by default in the Internet Zone. The IE8 XSS filter catches this class of XSS attacks so users of IE8 are at the reduced risk from this vulnerability,” explained MRSC Engineering’s Jonathan Ness, David Ross, and Chengyun Chu.
To help mitigate this issue, Microsoft has released Security Advisory 983438, which you can read here. The security advisory presents mitigations and workarounds that all customers running SharePoint Server 2007 or SharePoint Services 3.0 should review and apply.
According to Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant, Microsoft is not aware of any active attacks at the time.
“We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. As always, Microsoft strives to work with security researchers to address vulnerabilities in our software. This helps ensure that customers receive comprehensive, high-quality updates before cyber criminals learn of – and work to exploit – a vulnerability. Responsible disclosure protects the computer ecosystem and individual computer users from harm,” commented Jerry Bryant.
In related security news, you should know that Opera Software recently rolled out Opera 10.53. The update fixes a vulnerability classified by Opera Software as “extremely severe.”
