Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Microsoft SharePoint security hole exposes sensitive data

Add to     Digg this story Digg this

May 6, 2010

Microsoft says that it's in the process of investigating a security hole that is apparently present in older versions of its SharePoint Server software that an independent researcher says can easily expose private information, sensitive data and user authentication passwords.

Click here to order the best dedicated server and at a great price.

The vulnerability exists due to failure in the '/layouts/help.aspx' script to properly 'clean' user-supplied input in the "cid0' variable," the Microsoft security advisory states.

"Successful exploitation of this security flaw could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data."

The XSS, or cross-site scripting vulnerability has already been confirmed in SharePoint Server 2007 and is likely also present in earlier versions of the CMS (content management system) software, a MS advisory from High-Tech Bridge warned.

It allows adversaries to inject malicious javascript into the application by appending commands to the address of the targeted system.

High-Tech Bridge said they notified Microsoft of the security hole on April 12, but only made the report public on April 29.

So far, a Microsoft spokeswoman said yesterday that researchers are in the process of drafting a security advisory that includes mitigation and workaround details. With 17 days notice, it's unclear why Redmond's security team didn't already have that information ready to go... (!)

On April 29 as well, a separate advisory on the Future Musings blog warned of an XSS security vulnerability in the iPhone's Facebook app.

Overall, XSS bugs are by far the most common form of security vulnerability plaguing the Internet today. Webmasters and software providers often downplay them as insignificant, because the severity of many of them is rather minimal, although they are still critical.

Jon Wedell, a security analyst and author says "I've removed some of the technical details until Facebook had a chance to address this. To be on the safe side, let's just say you may want to avoid viewing friend's notes using the Facebook iPhone app, at least for now..."

However, as security breaches like the one experienced by the heavily fortified Apache Foundation demonstrate, they have the potential to serve as the intermediate that compromises an otherwise secure defense.

Add to     Digg this story Digg this

Source: Microsoft.

Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer

Install your server in Sun Hosting's modern colocation center in Montreal. Get all the details by clicking here.

Get your Linux or Windows dedicated server today.

The industry's best and most accurate tool to find out EXACTLY what your CORRECT keywords are. Click here to learn more.