MS05-006: Vulnerability in Windows SharePoint


Recommended Posts

Microsoft Security Bulletin MS05-006

Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)

Issued: February 8, 2005

Version: 1.0

Summary

Who should read this document: Customers who use Microsoft Windows SharePoint Services or SharePoint Team Services from Microsoft

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Moderate

Recommendation: Customers should consider applying the security update.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

?Windows SharePoint Services for Windows Server 2003 ? Download the update (KB887981)

?SharePoint Team Services from Microsoft? Download the update (KB890829) ? Download the full-file update (KB890829)

Non-Affected Software:

?Microsoft Windows Server 2003 for Itanium-based Systems

?SharePoint Portal Server 2003 (all versions)

?SharePoint Portal Server 2001 (all versions)

SharePoint Team Services Users: Office XP Service Pack 2 for Office XP Web Components and Office XP Service Pack 3 for SharePoint Team Services are both vulnerable to this issue. However the security update for Office XP Service Pack 2 for Office XP Web Components is provided only as part of the Office XP full-file security update. For more information, see the ?Security Update Information? section.

The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A cross-site scripting and spoofing vulnerability exists in the affected software that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the ?Vulnerability Details? section of this bulletin.

An attacker who successfully exploited the vulnerability could modify Web browser caches and intermediate proxy server caches. Additionally, they could put spoofed content into those caches. An attacker may also be able to exploit the vulnerability to perform cross-site scripting attacks.

We recommend that customers consider applying the security update.

http://www.microsoft.com/technet/security/...n/ms05-006.mspx

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I would question if Neowin really needs science research studies/stories than.
    • Microsoft reveals Mu, an on-device small language model built into Windows 11 by Pradeep Viswanathan Last year, Microsoft revealed Copilot+ PCs featuring a dedicated Neural Processing Unit (NPU) capable of over 40 TOPS or more. These Copilot+ PCs came with Phi-Silica, an on-device SLM to bring language intelligence capabilities to Microsoft's own first-party apps and apps from other 3rd-party developers. Today, Microsoft revealed Mu, a new on-device small language model built into Windows 11. Microsoft's goal was to create an AI-powered agent within the Settings app that can understand a user's natural language queries and integrate it into the existing search box for a smooth user experience. Hence, Microsoft is using the new Mu model to power the new agent feature in the Settings app, which was made available to Windows Insiders recently in the Dev Channel with Copilot+ PCs. Like Phi-Silica, Mu is designed to operate efficiently on NPUs, delivering over 100 tokens per second while running locally. In the official blog post, Microsoft explained how they designed and trained the Mu language model. Here's an overview of the Mu language model: Mu is a 330M encoder-decoder language model. The encoder-decoder approach achieved about 47% lower first-token latency and 4.7× higher decoding speed compared to a decoder-only model of similar size. Mu uses weight sharing in certain components to reduce the total parameter count. Microsoft trained Mu using NVIDIA A100 GPUs on Azure Machine Learning. Mu is nearly comparable in performance to a similarly fine-tuned Phi-3.5-mini, despite being one-tenth of the size. The model is better suited for multi-word queries. So for short or partial-word inputs, the Settings app will continue to surface lexical and semantic search results in the search box. Interested users can download Windows 11 Build 26120.3964 (KB5058496) or higher to check out this new AI-powered agent in the Windows Settings app.
    • I work at a company that sends Samsung stuff to Best Buy, Costco, Amazon, and others, we are about to killed after this event.
    • only using AI for science research studies/stories like this which are somewhat separate from our main tech/IT-focused articles, it is like a separate column, sort of like the software stories. Also I believe plenty of other sites use AI in some form of other, but we are also honest enough to disclose it. Btw no that headline was completely me.
    • Electric vehicles get colds? I guess AI also helped with the headline. An editor really reviewed this huh? LOL Seriously WTF Neowin? You are using AI to help write articles now? I was just about to become a subscriber but not now.
  • Recent Achievements

    • Dedicated
      tesla maxwell earned a badge
      Dedicated
    • Dedicated
      Camlann earned a badge
      Dedicated
    • Week One Done
      fredss earned a badge
      Week One Done
    • Dedicated
      fabioc earned a badge
      Dedicated
    • Week One Done
      GoForma earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      634
    2. 2
      Michael Scrip
      224
    3. 3
      ATLien_0
      219
    4. 4
      +FloatingFatMan
      142
    5. 5
      Xenon
      135
  • Tell a friend

    Love Neowin? Tell a friend!