MS10-070 Released Out-of-Band Today

Posted by Scott on September 28, 2010 0 comments

The title says it all. Get patching. Hit up the security bulletin for downloads.

Reference

Oracle Padding, ASP.NET Vulnerabilities, and SharePoint

Posted by Scott on September 21, 2010 0 comments

The Microsoft SharePoint team has released specific guidance for a workaround for the recently announced ASP.NET vulnerability (Security Advisory 2416728). With a slight modification, this guidance will also apply to SharePoint 2007.

For SharePoint 2010, the relevant web.config entry will look like:

 <customerrors defaultredirect="/_layouts/error2.aspx" mode="On" redirectmode="ResponseRewrite"></customerrors>

While for SharePoint 2007, the web.config entry will read:

 <customerrors defaultredirect="/_layouts/error2.aspx" mode="On"></customerrors>

You are prompted to enter your credentials when you access an FQDN site from a computer that is running Windows Vista or Windows 7 and has no proxy configured

Posted by Scott on September 21, 2010 1 comment

Well, the title says it all doesn't it? Windows Vista/7 (but mostly 7 as no one ever really used Vista) have a problem when accessing WebDav shares on sites with a fully qualified domain name (FQDN). This becomes very apparent with MS Office and attempting to access documents stored in SharePoint document libraries.

Most people would skip over the remainder of the article after reading that this issue was resolved after the release of Vista SP1. Reading on, one would learn that even with the hotfix, a registry entry must be created which will allow client side programs such as Office pass their credentials through to the server.

The following registry entry must be created:

  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters

  3. On the Edit menu, point to New, and then click Multi-String Value.
  4. Type AuthForwardServerList, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type the URL of the server that hosts the Web share, and then click OK. Note You can also type a list of URLs in the Value data box.
  7. Exit Registry Editor.
  8. Restart the WebClient service or reboot the PC.

Reference

A Manager’s Guide to SharePoint

Posted by Scott on September 23, 2009 0 comments

The Acuff Group recently posted a whitepaper titled A Manager’s Guide to SharePoint [PDF] which makes for an interesting afternoon read.

Performance Optimization WordPress Plugins by W3 EDGE