April 30, 2010, 4:39 PM — Microsoft on Thursday urged SharePoint 2007 administrators to protect systems against a recently revealed zero-day vulnerability that could be exploited to steal company secrets.
The bug, which was disclosed Wednesday by the Swiss security consultancy High-Tech Bridge, could be used by attackers to pilfer confidential information from companies' SharePoint servers, which are widely used to power corporate intranets and enable internal collaboration.
Although the company acknowledged that it was working on a fix, it has not set a ship date for the update.
Instead, Microsoft offered an interim workaround that involved disabling access to SharePoint's help system by running a pair of commands from the command prompt. The commands modify the access control list (ACL), Windows' list of file access permissions.
"It's safe to assume the bug or at least the known [attack] vector, is in that area of the code," said Andrew Storms, director of security operations at nCircle Security.
Additionally, Microsoft recommended that administrators run Internet Explorer 8 (IE8), which includes a cross-site scripting filter that can reduce the exploit risk. Administrators will need to modify IE8's settings, however, to switch on the filter for the Local Intranet security zone of the browser , since it's off by default.
Network administrators can also use group policies to enable the filter in the Local Intranet Zone for all IE8 users, Microsoft added.
Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), cautioned administrators to watch where they click. "If you are an admin on SharePoint server, don't click on any emailed suspicious links to server," Ness said via Twitter yesterday. SharePoint administrators would likely be targeted, since they have broader access to the server's data, and its settings, than an everyday user.