.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Post New Web Links

Microsoft Security Bulletin MS10-039, KB979445 and KB983444

Posted By:      Posted Date: September 23, 2010    Points: 0   Category :SharePoint


In "Microsoft Security Bulletin MS10-039" there is a workaround wich describes how to deny access to "%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx.

Does this mean that when applying the now available security updates (in my case KB979445 and KB983444) one should expect that this file gets replaced with a newer version?

I´m wondering because it struck me that I forgot to remove the workaround before applying the patches wich should lead to that the account used for applying them had no permission to change this file, I also noticed that the file in question is still last modified 2006.


View Complete Post

More Related Resource Links

Security Briefs: Add a Security Bug Bar to Microsoft Team Foundation Server 2010


Take a peek inside Microsoft's strict development security structure as Bryan Sullivan describes the objective security bug classification system?the "bug bar"?used by internal product and online services teams. He will show you how to incorporate this classification system into your own development environment using Microsoft Team Foundation Server 2010.

Bryan Sullivan

MSDN Magazine March 2010

How Do They Do It?: A Look Inside the Security Development Lifecycle at Microsoft


In this article, Microsoft security expert Michael Howard outlines how to apply the Security Development Lifecycle to your own software development processes. He explains how you can take some of the lessons learned at Microsoft when implementing SDL and use them in your own development process.

Michael Howard

MSDN Magazine November 2005

ISA Server 2004: Developing an Application Filter for Microsoft Internet Security and Acceleration S


The beta version of Internet Security and Acceleration (ISA) Server 2004 is now publicly available. It includes a rich SDK with several extensibility mechanisms that allow third parties to integrate their specialized solutions on top of the ISA platform. In this article, the author explores the application filter extensibility mechanism, which enables you to add high-level application layer filtering capabilities to ISA Server and to provide rich content filtering solutions. He also highlights the new features of the ISA Server 2004 SDK, then moves on to describe how to develop a basic application filter that monitors all data going through the ISA Server, and how to integrate a filter into the ISA Server management console to create a seamless interface experience for your users.

Yigal Edery

MSDN Magazine March 2004

Using the Acceleration Toolkit for Microsoft Forefront Security for SharePoint

Learn how to supply full-fidelity FSSP enablement to a SharePoint environment, regardless of deployment phase with this acceleration toolkit.

Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)

I have been trying to install   Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366)   since it was released but downloads ok but it will not install. Everytime installation of this update fails!   Help...

When attempting to install Security Update Microsoft for the Microsoft 2007 Office system updates (u

When attempting to install "Security Update Microsoft for the Microsoft 2007 Office system updates (updates KB2277947 and KB982331)" the sintallation fails and then I recieve the error "The detection failed, this can be due to a corrupted installation database". System Info: XP Home Edition Version 2002 Service Pack 3 Intel Atom CPU N270 @ 1.60 GHz I am running XP and have installed and run the "Fit It" tool, to no avail. I even tried downloading each update individually, from the Microsoft site, instead of through the automatic update. I also read this same question posted by another user (link: http://social.technet.microsoft.com/Forums/en-US/sharepointadmin/thread/cfa66cd3-2aa2-44ee-9393-ffae41d4f70c/) only to find his info contained no answer either. How do I fix this so that I can get these updates installed?

Microsoft.SharePoint.WebControls.Welcome Not security trimmed

https://my.sharepoint.com/_layouts/userdisp.aspx, displays access denied when User permission set to not display /_layout/... Application Pages, this redirect should have never been allowed. How can one report Microsoft.SharePoint.WebControls.Welcome control to the Connect web site?

System.TypeLoadException: Could not load type 'Microsoft.Office.Server.Security.LdapMembershipProvi

So this is odd, I am attempting to setup FBA with Sharepoint Foundation 2010 and i get the following Error: (from ULS log viewer): System.TypeLoadException: Could not load type 'Microsoft.Office.Server.Security.LdapMembershipProvider' from assembly 'Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c'. at System.RuntimeTypeHandle._GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName) at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) at System.RuntimeType.PrivateGetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) at System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) and in IIS Logs: Exception information:     Exception type: ConfigurationErrorsException     Exception message: Could not load type 'Microsoft.Off

ASP.NET Security Vulnerability and SharePoint 2007 (Microsoft Security Advisory (2416728))


With the recent security advisory issued by Microsoft for all ASP.NET applications it was highlighted by Scott Gu that SharePoint applications are at risk also. Scott provided a link to a script which would run on your web-server  to determine if there are ASP.NET applications installed on it and if it was vulnerable or not. I ran this script on my SharePoint server and noticed the following web.config files highlighted as being vulnerable:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\layouts\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\template\images\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\isapi\web.config
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\wpresources\web.config

Could I follow the instructions provide by Microsoft in the alert and modify these files? If not, how do I protect my web applications from this threat or are they at risk at all?

Microsoft .NET Application Security


i am trying to install sql server 2008 Enterprise Edition X86 on a Windows XP x86. At the Configuration Checker it says that "Microsoft .NET Application Security" is not applicable. I can however install everything.

What does this message mean please?

I heared that SQL 2008 only available on Vista and higher, because of this .

Now I even cant uninstall sql normally. When I used add remove it does not uninstall everything.

Hi Need urgent help I downloaded the latest security update for Microsoft .NET Framework 1.1 and it


My title describe the problem which I'm currently in at the moment Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)

Download size: 13.7 MB

You may need to restart your computer for this update to take effect.

Update type: Important

A security issue has been identified that could allow an attacker to compromise your Windows-based system that is running the Microsoft .NET Framework and gain access to information. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

More information:

Help and Support:

Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Win XP failed

Hii all, I just tried to patch my system with latest updates, which were huge this time (14 updates of 42 Mb in total). Out of 14 updates 13 were installed successfully and one failed with error code of 0x643:
Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297)

After restarting my system I authorised the dispatch of the failure report to Microsoft. Now I wonder if anybody else has encountered such problem with this particular update?

The Putative Microsoft recommendation (for security) Causes De-installer Malfunction



Control Panel/Programs/Programs and Features lists <product-name> as an installed product. When I click on <product-name> I get a choice to Change or Repair.
As I want to Remove I click Change. This leads to three radio buttons Modify, Repair, Remove. I click Remove.
At the end of the process <product-name> remains in the aforementioned list of installed products.
This has been repeated many times to include Repair in advance of Remove with no difference.
This, of course, is incorrect behavior and prevents me from bringing <product-name> up in service.

It is the mechanism of the Windows Installer (in the setup logic the prerequisite is that you must have Admin Right) but since Vista , the admin rigths are not really set
unless you 'RUN AS ADMINISTRATEUR) and in the Microsoft recommendation (for security) , you do not have to give error message for access denied
(that why you think that all is correct even if not)
I am not sure it is very clear but it is now the Microsoft philosophy since Vista

Is this actual and true Microsoft philosphy?  If so, it leads to program malfunctions and bad practice.  I launch the de-installer from Control Panel where I am
not even aware that I am launching a program much less have the option to launch it in a privileged mo

Microsoft.Interop.Security.AzRoles registration issue


Hi All,

I am facing an issue with the Azroles dll when using with a Smart client application. 

Below is the complete exception:

Handling instance: fb5809ad-828d-45b6-873a-5dd0d4e65cf5

Date and time: 30/11/2010 11:47:00

Machine name: LDSCXA3

IP Address:

Current User: ITVPLC\AdarSree

Application Domain: ConMaint.exe

Assembly codebase: file:///M:/Program Files/Genersys/ConMaint.exe

Microsoft.Net Application Security Warning




I am installing SQL Server 2008 R2 Enterprise on a Windows Server 2008 R2 Datacenter.

The setup generates warning:

Rule "Microsoft.Net Application Security" generated a warning.

The computer cannot access the Internet. There might be delays 
in starting a .NET application like Managment Studio. If navigate 
to http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl file you should not have .NET security validation issues. It is not necessary to download the MicrosoftRootAuthority.crl file.

But the computer really has no access to the I-net. And will not have.


What does this warning mean?

Is it critical?


Thank you for your time.


VB.NET Microsoft.Web.Services3.SoapContext.Security is obsolete


I am using Microsoft.Web.Services3.SoapContext.Security in VB.NET code but getting following warning, Please let me know your suggestions.


'Microsoft.Web.Services3.SoapContext.Security' is obsolete: 'SoapContext.Security is obsolete. Consider deriving from SendSecurityFilter or ReceiveSecurityFilter and creating a custom policy assertion that generates these filters.'


Dim username As String = MDI_LoginID

            Dim password As String = MDI_Pswrd 'Password needs to be present to test this. 

            Dim UserToken As New UsernameToken(username, password, PasswordOption.SendPlainText)


            Dim requestcontext As SoapContext = objCSWEBCIC.RequestSoapContext()


            requestcontext.Security.Timestamp.TtlInSeconds = 60





Does anyone know where I can find the 64-bit Microsoft.Samples.Security.SSPI.dll ?  I installed .Net Framework SDk 2.0 64-bit on my machine but cannot find the dll.


ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend