Skip to main content
MSRC

SharePoint

November 2014 Updates

Tuesday, November 11, 2014

Today, as part of Update Tuesday, we released 14 security updates – four rated Critical, nine rated Important, and two rated Moderate, to address 33 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

Lovely tokens and the September 2013 security updates

Tuesday, September 10, 2013

Helen Hunt Jackson famously wrote, “By all lovely tokens September is here, with summer’s best of weather and autumn’s best of cheer.” I share Helen’s clear adoration for this time of year. As a sports fan, there are so many “lovely tokens” to enjoy. The baseball pennant race is heating up, college and pro football are underway, and various soccer leagues (real football to the rest of the world) continue.

Advance Notification Service for September 2013 Security Bulletin Release

Thursday, September 05, 2013

In celebration of kids heading back to school, today we’re providing advance notification for the release of 14 bulletins, four Critical and 10 Important, for September 2013. The Critical updates address issues in Internet Explorer, Outlook, SharePoint and Windows. As always, we’ve scheduled the bulletin release for the second Tuesday of the month, Sept.

MS10-104: SharePoint 2007 Vulnerability

Tuesday, December 14, 2010

Today we released MS10-104 to address vulnerability CVE-2010-3964 in SharePoint 2007 server with an important severity rating. In this blog, we would like to cover some additional details of this vulnerability. Is my SharePoint server affected by this vulnerability? There are two types of installations for a SharePoint server: standalone and farm.

Sharepoint XSS issue

Thursday, April 29, 2010

Today we released Security Advisory 983438 informing customers of a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. Here we would like to give further technical information about this vulnerability. What is the attack vector? The advisory states that the vulnerability could allow Elevation of Privilege (EoP) within the SharePoint site itself.