Pretty Big Deal SharePoint Security Patch – Microsoft Security Bulletin MS14-022 – Critical
We’ve come across a SharePoint security concern that, if you are not already aware of, requires your attention.
To be clear – we’re not fans of fear mongering. SharePoint patches pop up frequently. We’ve identified this one as particularly critical.
We are currently applying this patch internally to protect ourselves and to develop a response to assist our clients with minimal disruption.
We suggest you or your IT team treat this as a top priority and either address this yourself or schedule time with an itgroove consultant to get the patch deployed.
Here’s the background of the issue:
• It’s classified as a “Critical patch” – it’s big enough that the US Department of Homeland Security is addressing it on their site.
• It impacts SharePoint 2007, 2010, 2013 and Microsoft Web Apps (Office Online).
• This patch is particularly important for sites that are connect to the internet.
Here’s the technical details:
o It’s an XSS exploit/security patch – basically un-sanitized user input – making it very unlikely that it would be pulled or retro-fitted.
o This affects authorized users or anonymously exposed sites.
o It is for 3 CVEs, none under public attack, and they do require social engineering aimed at your users to trigger.
To learn more, here are some sources to review:
Please Contact Us to book time with one of our consultants for assistance.