Cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0

I already protected my sharepoint customers and what about you??

Refer following link to avoid XSS attack:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0817
http://blogs.technet.com/msrc/archive/2010/04/29/security-advisory-983438-released.aspx

Prevention Steps suggested by Microsoft:

Restrict Access to SharePoint Help.aspx

An administrator can apply an access control list to SharePoint Help.aspx to ensure that they can no longer be loaded. This effectively prevents exploitation of the vulnerability using this attack vector.

To restrict access to the vulnerable Help.aspx:

•	Run the following commands from a command prompt: cacls “%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /P everyone:N cacls “%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /P everyone:N

Impact of workaround. This workaround will disable all help functionality from the SharePoint server.

How to undo the workaround.

•

Run the following commands from a command prompt: takeown /f “%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” takeown /f “%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” cacls “%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /R everyone cacls “%ProgramFiles(x86)%\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\LAYOUTS\Help.aspx” /E /R everyone