
Microsoft Share Point Calendar Cross-Site Scripting (MS11-074)

Check Point Reference: CPAI-2011-115
Date Published:
Severity:
Source: Microsoft Security Bulletin MS11-074
Industry Reference(s): CVE-2011-0653
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
SharePoint Server 2010
Vulnerability Description
Multiple cross-site scripting vulnerabilities have been reported in Microsoft SharePoint Server. A remote attacker could exploit these vulnerabilities to carry out a cross-site scripting attack and issue commands on an affected SharePoint server.
Update/Patch Available
Microsoft Security Bulletin MS11-074
Vulnerability Details
The vulnerabilities are due to insufficient validation of user input by an affected SharePoint server. An attacker can exploit these vulnerabilities by convincing unsuspecting users to open a specially crafted website. Successful exploitation allows an attacker to issue SharePoint commands on an affected server in the security context of the logged-in user.

Protection Overview
The protection blocks HTTP requests to the SharePoint Calendar web pages that contain embedded JavaScript.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 NGX R65 & IPS-1

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the XSS Attacks protection group.
3. Click Microsoft Share Point Calendar Cross-Site Scripting (MS11-074).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: XSS Attacks
Description: Microsoft Share Point Calendar Cross-Site Scripting (MS11-074)