| ||||
04 May 2010
'No risk' for off-site Microsoft SharePoint usersDefault security settings in Internet Explorer 8 mean that a reported security issue in Microsoft SharePoint Server 2007 and Microsoft Windows SharePointServices 3.0 is already no threat to remote workers, the software developer has revealed. While the company is already working on a patch to resolve the issue entirely, it has stressed in a Security Advisory notice that remote workers using Internet Explorer 8 should not be at risk. That is because of the Internet Explorer XSS Filter, which is activated by default for the Internet Zone in the browser and prevents cross-site scripting (XSS) attacks. Meanwhile, the Microsoft Security Research & Defense blog adds that the risk of anyone being able to exploit the vulnerability - which potentially allows a hacker to gain the same privileges within the relevant Microsoft SharePoint site as the hacked user - is very small. That is because Microsoft SharePoint authenticates users with HttpOnly cookies, which cannot be accessed through XSS attacks.  
|
||||
 |
||||
