Update Protection against Microsoft SharePoint Help Page Denial of Service Vulnerability (MS10-039)
| Check Point Reference: | CPAI-2010-200 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS10-039 | |
| Industry Reference(s): | CVE-2010-1264 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Office SharePoint Server 2007 SP1 Microsoft Office SharePoint Server 2007 SP2 (32-bit editions) Microsoft Office SharePoint Server 2007 SP1 Microsoft Office SharePoint Server 2007 SP2 (64-bit editions) | ||
| Vulnerability Description A denial of service vulnerability has been discovered in Microsoft SharePoint Server 2007. Windows SharePoint Services provide a platform for collaboration applications and document management. Office SharePoint Server is an integrated suite of server capabilities built on top of Windows SharePoint Services. A remote attacker may exploit this vulnerability to cause the Web server to become non-responsive. |
||
|
Update/Patch Available Update patches: Microsoft Security Bulletin MS10-039 |
|
|
Vulnerability Details The vulnerability is due to the way that Microsoft SharePoint handles specially crafted requests sent to the Help page. A remote attacker can exploit this issue by sending a maliciously crafted HTTP request to the Help page of the SharePoint server. Successful exploitation of this vulnerability could allow the attacker to create a denial of service condition. |
Protection Overview
This protection will detect and block malicious HTTP requests made to the vulnerable SharePoint server.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.