Hole in SharePoint

Microsoft released a security advisory to warn of a newly reported vulnerability in SharePoint.

The software giant addressed the issue in Security Advisory 983438. The cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 could allow elevation of privilege within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients, as the Internet Explorer 8 XSS filter helps to mitigate the issue in the internet zone.

Microsoft was not aware of any active attacks at the time of publishing the document. The company encouraged users running SharePoint Server 2007 or SharePoint Services 3.0 to review and apply the mitigations and workarounds discussed in the Security Advisory.

Source: Microsoft.