Record Breaking Patch Tuesday Includes “Important” SharePoint Patch

This Patch Tuesday is notable for a couple of reasons. First, it's a record: 16 bulletins covering 49 vulnerabilities. The previous record was 14 bulletins. A few are critical, including ones for Windows Server and IE, and even SharePoint 2007 and SharePoint Foundation 2010 are included: “MS10-072: Vulnerabilities in Microsoft SharePoint could allow information disclosure.” The SharePoint vulnerability is quite specific: it could allow information disclosure if an attacker submits specially crafted script to a target site using SafeHTML.

There’s no need to freak out. Just add this to your regularly scheduled patch process. If you are following the cumulative updates, this will likely be included in next month's update if it’s not already included.

 

IT Pro information on the “Important” SharePoint Patch MS10-072

 

MS10-072/KB2412048 – Important (SharePoint Services 3, SharePoint Foundation 2010, Office Web Apps, Office SharePoint Server 2007, Groove Server 2010): Issues with “SafeHTML” can give attackers access to information they should not have on a variety of Microsoft collaboration platforms. It’s an important patch, but only if you use these tools. 12.0MB – 21.MB

 

Depending on which flavor of SharePoint you are running, there are different KBs:

  • 2345212 (http://support.microsoft.com/kb/2345212/ ) MS10-072: Description of the security update for Office SharePoint Server 2007: October 12, 2010
  • 2345304 (http://support.microsoft.com/kb/2345304/ ) MS10-072: Description of the security update for Windows SharePoint Services 3.0: October 12, 2010
  • 2345322 (http://support.microsoft.com/kb/2345322/ ) MS10-072: Description of the security update for Microsoft SharePoint Foundation 2010: October 12, 2010
  • 2346298 (http://support.microsoft.com/kb/2346298/ ) MS10-072: Description of the security update for Microsoft Groove Server 2010: October 12, 2010

More information on the other patches included in Patch Tuesday October 2010

| # | Rating | Impact | Affected software |
|---|---|---|---|
| 1 | Critical | Remote Code Execution | IE6/7/8 on Windows XP/2003/Vista/2008/7/2008 R2 |
| 2 | Critical | Remote Code Execution | Windows Vista/7 |
| 3 | Critical | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2 |
| 4 | Critical | Remote Code Execution | 32-bit unaffected: Windows XP/2003/Vista/2008/7/2008 R2 |
| 5 | Important | Information Disclosure | SharePoint Services 3.0/Server 2007/Foundation 2010 |
| 6 | Important | Elevation of Privilege | Windows XP/2003/Vista/2008/7/2008 R2 |
| 7 | Important | Elevation of Privilege | Windows XP/2003 |
| 8 | Important | Remote Code Execution | Office XP/2003/2007/2010, Office 2004/2008 for Mac |
| 9 | Important | Remote Code Execution | Office XP/2003/2007, Office 2004/2008 for Mac |
| 10 | Important | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2 |
| 11 | Important | Remote Code Execution | Itanium unaffected: Windows XP/2003/Vista/2008/7/2008 R2 |
| 12 | Important | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2 |
| 13 | Important | Elevation of Privilege | Windows XP/2003 |
| 14 | Important | Denial of Service | Windows Vista/2008/7/2008 R2 |
| 15 | Moderate | Remote Code Execution | Windows XP/2003/Vista/2008/7/2008 R2 |
| 16 | Moderate | Tampering | Windows Server 2008 R2 |
