Barney's Blog

Blog archive

SharePoint Security Snafu

SharePoint Services 3.0 and Office SharePoint Server 2007 are both affected by an elevation of privileges flaw.

Similar to a recently announced IE 8 flaw, hackers use cross-site scripting to wage attacks. Here, malicious code is embedded into SharePoint-based Web pages. Similar to phishing scams, users are led to these sites through spam.

The lesson here? Don't just rely on patches, but train you end users to avoid clicking anything that is the least bit suspect.

Do you train your users in security? Does it work? Share your best advice with us by writing to [email protected]

Posted by Doug Barney on May 05, 2010 at 11:53 AM


Featured

  • Report: U.S. Web Sites Not Protecting Your Private Data

    According to a study announced Friday by privacy compliance solutions vendor Zendata, many Web sites were found to have woeful data protection practices in place.

  • The 2022 Microsoft Product Roadmap

    Microsoft has a lot in the docket for 2022, including new products like SQL Server 2022, Exchange Subscription Edition and Visual Studio 2022 for Mac.

  • Azure Sphere OS Version 22.01 No Longer Happening

    Microsoft will no longer be releasing its previously announced Azure Sphere version 22.01 operating system, the company announced on Wednesday.

  • Is Microsoft's Free Windows 11 Upgrade Offer Coming to an End?

    Microsoft may be alluding to the end of the free Windows 11 upgrade for Windows 10 users.