Thursday, 23 September 2010

Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint

** Updated 24/09/2010 4:30PM ** – Updated with additional defensive workaround published by the ASP.NET team valid for ALL affected versions of SharePoint listed below.

Microsoft has recently blogged that the vulnerability in ASP.Net affects SharePoint and the workaround should be applied ASAP on every single SharePoint WFE server http://blogs.msdn.com/b/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx

Microsoft has recently released a Microsoft Security Advisory for a vulnerability affecting ASP.NET.  This post documents recommended workarounds for the following SharePoint products:

  • SharePoint 2010
  • SharePoint Foundation 2010
  • Microsoft Office SharePoint Server 2007
  • Windows SharePoint Services 3.0
  • Windows SharePoint Services 2.0