.NET Tutorials, Forums, Interview Questions And Answers

ASP.NET Security Vulnerability and SharePoint 2007 (Microsoft Security Advisory (2416728))

Posted Date: September 20, 2010    Category: SharePoint

With the recent security advisory issued by Microsoft for all ASP.NET applications, it was highlighted by Scott Gu that SharePoint applications are at risk also. Scott provided a link to a script which would run on your web server to determine if there are ASP.NET applications installed on it and if it was vulnerable or not. I ran this script on my SharePoint server and noticed the following web.config files highlighted as being vulnerable:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\layouts\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\images\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\isapi\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\web.config

Could I follow the instructions provided by Microsoft in the alert and modify these files? If not, how do I protect my web applications from this threat, or are they at risk at all?

More Related Resource Links

Is SharePoint susceptible to asp.net security advisory 2416728

Reading through recent ASP.Net security advisory 2416728 (http://www.microsoft.com/technet/security/advisory/2416728.mspx), it appeared to me that SharePoint would NOT be susceptible to this security vulnerability - just wanted confirmation of this. Thanks

Office Space: Security Programming in SharePoint 2007


This month Ted Pattison presents an overview of programming security and permissions for Windows SharePoint Services 3.0.

Ted Pattison

MSDN Magazine February 2008

Administrator and Developer Guide to Code Access Security in SharePoint Server 2007

Explore configuration options, get best practices for managing CAS in SharePoint environments, and walk through a complex CAS scenario.

Using the Acceleration Toolkit for Microsoft Forefront Security for SharePoint

Learn how to supply full-fidelity FSSP enablement to a SharePoint environment, regardless of deployment phase with this acceleration toolkit.

Copy sharepoint 2007 folder (with sub folders) with all the security permissions

I am looking to copy a common SharePoint folder (sub folders) in 2007 with all the security permissions intact, to a different location in the same site. Does anyone know how to do this?

When attempting to install Security Update Microsoft for the Microsoft 2007 Office system updates (u

When attempting to install "Security Update Microsoft for the Microsoft 2007 Office system updates (updates KB2277947 and KB982331)" the installation fails and then I receive the error "The detection failed, this can be due to a corrupted installation database". System Info: XP Home Edition Version 2002 Service Pack 3, Intel Atom CPU N270 @ 1.60 GHz. I am running XP and have installed and run the "Fix It" tool, to no avail. I even tried downloading each update individually, from the Microsoft site, instead of through the automatic update. I also read this same question posted by another user (link: http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/cfa66cd3-2aa2-44ee-9393-ffae41d4f70c/) only to find his info contained no answer either. How do I fix this so that I can get these updates installed?

Microsoft.SharePoint.WebControls.Welcome Not security trimmed

https://my.sharepoint.com/_layouts/userdisp.aspx, displays access denied when User permission set to not display /_layout/... Application Pages, this redirect should have never been allowed. How can one report Microsoft.SharePoint.WebControls.Welcome control to the Connect web site?

Sharepoint 2007 publishing site home page displays unknown file type security message


I am using SharePoint 2007 SP2. It has been working fine for the past 8 months, but since one of the developers installed .NET 4.0 framework, every time we create a new SharePoint publishing site or extend an existing application the home URL displays an "Unknown File Type" security warning message and asks users to download the file. If I manually type in the full URL http://www.mysite.com/pages/default.aspx it is displayed correctly. I have uninstalled .NET 4 from the server but I still have the same error. I have tried to replicate this error on a development server but SharePoint works fine on that even with .NET 4.0 installed.

Has anyone had the same issue? I would appreciate any suggestions or help with troubleshooting this issue.


User guide on Sharepoint 2007 security and Administration


Hi All - Can anyone provide me a user guide on SharePoint 2007 security groups, audience targeting, backup and restore options, if you already developed one for your firm? I need one very badly. I started doing one but I am new to the administration part. Please give me the doc you already have; it would be very helpful to me.




saritha k

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

SharePoint Security: Trim SharePoint Search Results for Better Security


SharePoint search may return too much information, causing data security problems. Learn how to use the custom security trimmer to ensure users see only the documents they have permission to view.

Ashley Elenjickal, Pooja Harjani

MSDN Magazine July 2010

Security Briefs: Add a Security Bug Bar to Microsoft Team Foundation Server 2010


Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system (the "bug bar") used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.

Bryan Sullivan

MSDN Magazine March 2010

How Do They Do It?: A Look Inside the Security Development Lifecycle at Microsoft


In this article, Microsoft security expert Michael Howard outlines how to apply the Security Development Lifecycle to your own software development processes. He explains how you can take some of the lessons learned at Microsoft when implementing SDL and use them in your own development process.

Michael Howard

MSDN Magazine November 2005

ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S


The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004

Chapter 4: Branding Your SharePoint Site (Professional Microsoft SharePoint 2007 Development Using M

Learn how to create your own custom site pages and insert Silverlight content into these pages, customize SharePoint lists and views, and insert Silverlight content into existing list views and custom views.

Chapter 6: Advanced Custom Web Parts (Professional Microsoft SharePoint 2007 Development Using Silve

This chapter builds on the Web Parts created in the previous chapter, adding more advanced features.