So, it's important to emphasize “need to protect” everywhere “need to share” is rushed out. In the case of this SharePoint vulnerability, Microsoft’s advisory says there is a server-side workaround, but right now the link doesn’t seem to get you anywhere. Until a workaround, or even better an actual patch, is available, take a look at any exposed SharePoint services to see if there are any IPS or Web Application Firewall mitigations available.
There were also reports of a new cross-site scripting vulnerability in Facebook, sort of the poster child for consumer-grade “need to share” software. The real lesson in all this, of course, is that too many products focused on the need to exploit the value of information are written with a sort of “drill, baby, drill” excitement and often lead to “information spills” unless you add protection around them.
A more pithy version of this can be found here.