SharePoint

November 2014 Updates

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor …

November 2014 Updates Read More »

Lovely tokens and the September 2013 security updates

Helen Hunt Jackson famously wrote, “By all lovely tokens September is here, with summer’s best of weather and autumn’s best of cheer.” I share Helen’s clear adoration for this time of year. As a sports fan, there are so many “lovely tokens” to enjoy. The baseball pennant race is heating up, college and pro football …

Lovely tokens and the September 2013 security updates Read More »

Advance Notification Service for September 2013 Security Bulletin Release

In celebration of kids heading back to school, today we’re providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows.  As always, we’ve scheduled the bulletin release for the second Tuesday of the month, Sept. 10, …

Advance Notification Service for September 2013 Security Bulletin Release Read More »

More information on Security Advisory 2737111

Today we released Security Advisory 2737111 to describe the way in which vulnerabilities in Oracle’s Outside In technology impact the document preview functionality of Microsoft Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint. In this blog, we would like to discuss the following: What is the Oracle Outside In technology? Why …

More information on Security Advisory 2737111 Read More »

MS10-104: SharePoint 2007 Vulnerability

Today we released MS10-104 to address vulnerability CVE-2010-3964 in SharePoint 2007 server with an important severity rating. In this blog, we would like to cover some additional details of this vulnerability.   Is my SharePoint server affected by this vulnerability?   There are two types of installations for a SharePoint server: standalone and farm. A standalone …

MS10-104: SharePoint 2007 Vulnerability Read More »

Sharepoint XSS issue

Today we released Security Advisory 983438 informing customers of a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0.  Here we would like to give further technical information about this vulnerability. What is the attack vector? The advisory states that the vulnerability could allow Elevation of Privilege (EoP) within the SharePoint site …

Sharepoint XSS issue Read More »