Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

SharePoint Vulnerability Waits Nearly Two Months For A Patch

Imperva : 08 June, 2010  (Technical Article)
Imperva comments on the Microsoft patch release cycle and the open vulnerabilities it leaves businesses with
Microsoft is planning 10 patches next week, with one of them addressing a vulnerability in Sharepoint. However, waiting for patch cycles to mitigate vulnerabilities will not protect enterprises.

Since April 12, Microsoft SharePoint users have been vulnerable to a web-based attack through their help.aspx page. The problem was made public on April 29, after which Microsoft has been working to produce a patch, due for next Tuesday June 8.

"Many organizations have SharePoint servers accessible from the Internet, for partners and customers to access that may be unprotected. Having to wait almost two months for patching a vulnerability related to a very common attack vector (Cross Site Scripting) is just too long," said Amichai Shulman, CTO, Imperva. "We are repeatedly reminded by such incidents that regardless of the amount of resources poured into SDLC applications still go out of the factory door with vulnerabilities in them. Some of them pop up as a side note on a patch and some as 0days."

Shulman continues "We all rely on vendor patch cycles to keep us and our businesses secure, however as one vulnerability is patched, sooner or later another one will appear. Businesses need to ensure they are secure from all vulnerabilities whether notified or not."

"The criminals do not need to wait for a vulnerability to be notified before they exploit it, so businesses with a public facing portal need to take a holistic approach to security and look at how they can protect their business at all times, especially between patch cycles, whether this is via a web application firewall (WAF) to mitigate vulnerabilities or other security tools. For those relying on Microsoft's patch cycles the only mitigation possible in the short term is 'virtual patching' via a WAF," Shulman adds.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo