Microsoft issues workaround, advice for SharePoint zero-day

Disable SharePoint 2007 help, require admins to run IE8, says Microsoft advisory

Computerworld | Software

Microsoft on Thursday urged SharePoint 2007 administrators to protect systems against a recently revealed zero-day vulnerability that could be exploited to steal company secrets.

The bug, which was disclosed Wednesday by the Swiss security consultancy High-Tech Bridge, could be used by attackers to pilfer confidential information from companies' SharePoint servers, which are widely used to power corporate intranets and enable internal collaboration.

"The most likely attack scenario is that an attacker sends a malicious link to a user who is logged into their SharePoint server. If the user clicks the link, the JavaScript created by the attacker and embedded in the link would execute in the context of the user who clicked the link," said a trio of Microsoft security engineers in an entry on the company's "Security Research & Defense" blog late Thursday.

Although the company acknowledged that it was working on a fix, it has not set a ship date for the update.

Instead, Microsoft offered an interim workaround that disables access to SharePoint's help system by running a pair of commands from the command prompt. The commands modify the help page's access control list (ACL), the Windows list of permissions that decides which accounts may read a file, so that the web server can no longer serve the page to anyone. This blocks the known attack path rather than fixing the underlying flaw, and it needs to be reverted once the real update is installed.
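The following is an added example of that workaround done from PowerShell; it is not the pair of commands in Microsoft's advisory, and it assumes the help page is the default 12-hive HELP.ASPX under the Web Server Extensions directory (an assumption: check the path against the advisory and your own install). It saves the existing ACL so the change can be undone after the patch ships.

```powershell
# Added example, not the commands from Microsoft's advisory: deny all users
# read access to the SharePoint 2007 help page so the vulnerable code path can
# no longer be requested. Run in an elevated PowerShell session on the server.
#
# ASSUMPTION: the help page is the default 12-hive HELP.ASPX below; confirm
# the path against the advisory and your own install before running this.
$helpPage = Join-Path $env:CommonProgramFiles `
    'Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\HELP.ASPX'
$backupFile = Join-Path $env:TEMP 'help-aspx-acl.sddl'

function Disable-SharePointHelp {
    if (-not (Test-Path $helpPage)) { throw "Help page not found: $helpPage" }

    # Save the current DACL (as an SDDL string) so the workaround can be
    # reverted once the real fix is installed.
    $acl = Get-Acl -Path $helpPage
    Set-Content -Path $backupFile -Value $acl.Sddl

    # Deny Everyone (well-known SID S-1-1-0) read and execute. A Deny ACE wins
    # over any Allow ACE on the same file, so IIS (whose worker process is also
    # a member of Everyone) will refuse to serve the page.
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $deny = New-Object System.Security.AccessControl.FileSystemAccessRule($everyone, 'ReadAndExecute', 'Deny')
    $acl.AddAccessRule($deny)
    Set-Acl -Path $helpPage -AclObject $acl
}

function Test-SharePointHelpDenied {
    # Returns $true when a Deny ACE for Everyone is present on the help page.
    $denies = (Get-Acl -Path $helpPage).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        (@('Everyone', 'S-1-1-0') -contains $_.IdentityReference.Value)
    }
    return [bool]$denies
}

function Restore-SharePointHelp {
    # Roll back to the saved DACL; run this after installing the vendor fix.
    $sddl = (Get-Content -Path $backupFile) -join ''
    $acl = Get-Acl -Path $helpPage
    $acl.SetSecurityDescriptorSddlForm($sddl)
    Set-Acl -Path $helpPage -AclObject $acl
}

Disable-SharePointHelp
Test-SharePointHelpDenied
```

After applying it, a browser request for the help page from a logged-in user should fail with an HTTP 401 or 403 instead of rendering; if it still loads, the path or the web application's physical directory is not the one you changed. Keep the saved SDDL file, since Restore-SharePointHelp is the only clean way back to the original permissions.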

"It's safe to assume the bug or at least the known [attack] vector, is in that area of the code," said Andrew Storms, director of security operations at nCircle Security.

Additionally, Microsoft recommended that administrators run Internet Explorer 8 (IE8), which includes a cross-site scripting filter that can reduce the exploit risk. Administrators will need to modify IE8's settings, however, to switch on the filter for the browser's Local Intranet security zone, since it is off by default there, and internal SharePoint sites normally fall into that zone. The filter runs in the user's browser, not on the server, so it only protects users who browse SharePoint with IE8; it is a mitigation for the attack vector, not a fix for the flaw.

Network administrators can also use group policies to enable the filter in the Local Intranet Zone for all IE8 users, Microsoft added.
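As an added example (not Microsoft's own guidance), the following PowerShell turns the IE8 XSS Filter on for the Local Intranet zone and reports the effective setting. It relies on the standard IE security-zone registry layout: zone subkey 1 is Local Intranet, and value 1409 is the XSS Filter action, 0 meaning enabled and 3 meaning disabled. The HKLM Policies key is what a Group Policy object writes and overrides the per-user HKCU value; pushing it to every workstation requires the matching Group Policy setting, which this script only reproduces locally.

```powershell
# Added example, not from Microsoft: enable the IE8 Cross-Site Scripting
# Filter for the Local Intranet zone, where IE8 leaves it off by default.
#
# Zone subkey 1 = Local Intranet. Value 1409 = XSS Filter action:
#   0 = enabled, 3 = disabled. Both are standard IE security-zone settings.
$valueName = '1409'
$enabled   = 0

# Per-user setting (what the Internet Options dialog writes).
$userZone   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'
# Machine-wide policy key (what a Group Policy object writes); a value here
# overrides the per-user one. Writing it locally needs administrator rights.
$policyZone = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'

function Enable-IntranetXssFilter {
    param([string]$Key = $userZone)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name $valueName -Value $enabled -Type DWord
}

function Get-IntranetXssFilterState {
    # Returns 'Enabled', 'Disabled' or 'NotSet (IE8 default: off)'.
    # The policy key is checked first because it takes precedence.
    foreach ($key in @($policyZone, $userZone)) {
        if (Test-Path $key) {
            $item = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                if ($item.$valueName -eq 0) { return 'Enabled' }
                return 'Disabled'
            }
        }
    }
    return 'NotSet (IE8 default: off)'
}

# Per-user change; use -Key $policyZone from an elevated session to mirror
# what the domain Group Policy would set.
Enable-IntranetXssFilter
Get-IntranetXssFilterState
```

The check function is worth keeping on its own: run it on a few workstations after the Group Policy refresh to confirm the setting actually arrived, since a value set only in HKCU is silently overridden by a Disabled value in the policy key.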

Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), cautioned administrators to watch where they click. "If you are an admin on SharePoint server, don't click on any emailed suspicious links to server," Ness said via Twitter yesterday. SharePoint administrators would likely be targeted, since they have broader access to the server's data, and its settings, than an everyday user.

Originally published on Computerworld.