Major ASP.NET Vulnerability

To our valued clients,

 

itgroove wants to let you know about an important security risk that has been discovered.

 

Microsoft has advised it partners and customers worldwide of a vulnerability in one of the backend fundamental components of SharePoint – asp.net – that can allow an attacker to penetrate and manipulate SharePoint installations.  The vulnerability affects all versions of SharePoint from version 2 through WSS/MOSS (SharePoint 3) and SharePoint 2010.  The vulnerability is considered so severe that Microsoft has issued a set of instructions on how to hand-code a workaround to close the vulnerability.  This is NOT a patch, it requires the actual editing of some of the backend configuration files within SharePoint.

 

We believe this to be a severe enough vulnerability that we are advising all of our customers of the problem and we urge you to contact us to arrange a time when we can make the required changes for you.  The work involved should only take about 30 minutes but once the change is made an IISreset will be required which will cause a short disruption in SharePoint availability.

 

As well here is a link to instructions for those who have the knowledge and experience to implement this workaround: http://blogs.msdn.com/b/wp-content/uploads/brainlitter/brainlitterarchive/sharepoint/archive/2010/09/21/security-advisory-2416728-vulnerability-in-asp-net-and-sharepoint.aspx

 

Please contact us at 250-220-4575 to make arrangements or to get more information.

 

Your SharePoint support team at itgroove.