Microsoft KB Archive/887981

= MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services could allow cross-site scripting and spoofing attacks =

Article ID: 887981

Article Last Modified on 7/5/2006

-

APPLIES TO


 * Microsoft Windows SharePoint Services

-





Microsoft has released security bulletin MS05-006. The security bulletin contains all the relevant information about the security update. This includes the file manifest information and the deployment options. To view the security bulletin, visit the following Microsoft Web sites:  Home users:

http://www.microsoft.com/athome/security/update/bulletins/default.mspx

 IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx

This update was first included in Windows SharePoint Services Service Pack 2. For more information about the latest service pack for Windows SharePoint Services, click the following article number to view the article in the Microsoft Knowledge Base:

906795 How to obtain the latest service pack for Windows SharePoint Services





SharePoint Team Services from Microsoft
Microsoft has released an update to SharePoint Team Services from Microsoft that resolves the issues that are described in MS05-006. The issues that are described in MS05-006 are resolved on computers that have SharePoint Team Services from Microsoft installed. For more information about this update, click the following article number to view the article in the Microsoft Knowledge Base:

890829 Description of the Security Update for SharePoint Team Services: February 8, 2005

Known issues that may occur after the security update is installed
When you connect to your Microsoft Windows SharePoint Services Web site after you install the SharePoint Team Services security update, you may receive an error message. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

841216 &quot;0x80040E14&quot; or &quot;HTTP 500&quot; error message when you connect to your Windows SharePoint Services Web site after you install a Windows SharePoint Services service pack or a security update

Special considerations for Turkish-language customers
Microsoft Windows SharePoint Services displays the value of the Turkish Lira only in TL format. When you add a Currency column in Windows SharePoint Services, there is no option to configure the column so that the value of the Turkish Lira is displayed in the old TL format and in the new YTL format.

Note This update resolves the Turkish Lira issue for only the Turkish-language version and English-language version of Windows SharePoint Services.

To resolve the Turkish Lira issue, you must do the following:
 * Install the Security Update for Windows SharePoint Services (KB887981) on the computer that is running Windows SharePoint Services.
 * Install the Update for Office 2003 (KB887980) on the computer that is running Microsoft Office FrontPage 2003.

For more information about the update for Office 2003 (KB887980), click the following article number to view the article in the Microsoft Knowledge Base:

887980 Description of the update for Office 2003: February 8, 2005

Issues that the security update fixes
Besides the issues that are described in the security bulletin, the Security Update for Windows SharePoint Services (KB887981) addresses the issues that are described in the following Microsoft Knowledge Base articles:  

886676 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: October 12, 2004

 

867811 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: September 16, 2004

 

887810 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: October 19, 2004

 

888505 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: November 13, 2004

</li> 

827930 Error messages when you delete or rename large folders or sites in Windows SharePoint Services

</li> 

890337 Description of the Microsoft Office FrontPage 2003 post-Service Pack 1 hotfix package: December 3, 2004

</li></ul>

Besides the issues that are described in the security bulletin, the Security Update for Windows SharePoint Services (KB887981) addresses the following Windows SharePoint Services issues that were not previously documented in a Microsoft Knowledge Base article:  After you uninstall Windows SharePoint Services, the WMSDE SQL Service (MSSQL$SHAREPOINT service) continues to run. Additionally, its Startup type is set to Automatic.</li> You receive the following error message when you try to enable a full-text search in the SearchAdmin.aspx Web page:

Thread was being aborted

</li> Users without permissions to a Windows SharePoint Web site can upload files by using the PUT method with the &quot;If-None-Match&quot; clause.

</li> You receive the following error message:

The content databases in this cluster have exceeded the warning Web site count. Either change the content database Web site capacity settings or add more content databases.

Note This error message occurs when you restore a site even if the content databases in the cluster have not exceeded the maximum limit.

</li> When a restore operation fails, an entry for the site that you want to restore is added in the config database.

</li></ul>

Error signature details
The following table contains error signatures. You can use this table to assess your needs of applying the security update.

Additional query words: sps windows sharepoint services security patch performance reliability update download 2003 fix

Keywords: kbdownload kbbug kbfix kbsecvulnerability kbsecurity kbsecbulletin kbupdate atdownload kbwsssp2fix KB887981

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.