MS11-074: Vulnerabilities in Microsoft SharePoint could allow elevation of privilege: September 13, 2011

<html><body><p>Resolves vulnerabilities in Microsoft SharePoint could allow elevation of privilege. This bulletin was released on August 9, 2011.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS11-074. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/pc-security/bulletins/201109.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/bulletins/201109.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update Website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://technet.microsoft.com/security/bulletin/ms11-074” target=“_self”>http://technet.microsoft.com/security/bulletin/MS11-074</a></div></li></ul><span><h3>How to obtain help and support for this security update</h3> <br />Help installing updates: <br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals: <br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country: <br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></span></div><h2></h2><div><h3>Known issues and additional information about this security update</h3> <br /><br /> The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><br /><br /><ul><li><a href=“https://support.microsoft.com/en-us/help/2493987”>2493987 </a> MS11-074: Description of the security update for Windows SharePoint Services 3.0: September 13, 2011 <br /><br />Known issues in security update 2493987:<ul><li><span>Known issue 1</span><br /><br /><span>Symptom</span><div>If the SharePoint Products and Technologies Configuration Wizard does not finish its task, SharePoint may be left in an inconsistent state. You may be unable to browse the Central Administration or SharePoint site, and you receive one of the following error messages:<br /><br /><span>Error message 1<br /><br /></span><div>Server Error: http://go.microsoft.com/fwlink?LinkID=96177</div><br /><span>Error message 2<br /><br /></span><div>HTTP 404 Not Found</div><br /><span>Error message 3<br /><br /></span><div>Cannot connect to the configuration database</div></div><br /><span>Resolution</span><br /><br /> For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href=“https://support.microsoft.com/en-us/help/944267”>944267 </a> How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007 </div></li><li><span>Known issue 2</span><br /><br /><span>Symptom</span><br /><br /> Users are prompted for authentication when they try to browse a SharePoint site. Windows Server 2003 SP1 and Windows Server 2008 include a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the fully qualified domain name (FQDN) or the custom host header that you use does not match the local computer name.<br /><br /><span>Workaround</span><br /><br />There are two methods to work around this issue. Use one of the following methods, as appropriate for your situation.<br /><br /><span><span>Important </span>This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href=“https://support.microsoft.com/en-us/help/322756”>322756 </a>How to back up and restore the registry in Windows </div></span><br /><span>Method 1: Specify host names (the preferred method for NTLM authentication)</span><br /><br />To specify the host names that are mapped to the loopback address and can connect to websites on your computer, follow these steps:<br /><br /><ol><li>Set the <span>DisableStrictNameChecking </span>registry entry to 1. <span>For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/281308”>281308 </a> Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name<br /></div></span></li><li>Click <strong>Start</strong>, click <strong>Run</strong>, type <span>regedit</span>, and then click <strong>OK</strong>.</li><li>In Registry Editor, locate and then click the following registry key:<br /><div><strong><strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0</strong></strong></div></li><li>Right-click <strong>MSV1_0</strong>, point to <strong>New</strong>, and then click <strong>Multi-String Value</strong>.</li><li>Type <span>BackConnectionHostNames</span>, and then press ENTER.</li><li>Right-click <strong>BackConnectionHostNames</strong>, and then click <strong>Modify</strong>.</li><li>In the <strong>Value data</strong> box, type the host name or the host names for the sites that are on the local computer, and then click <strong>OK</strong>.</li><li>Exit Registry Editor, and then restart the IISAdmin service.</li></ol><br /><span>Method 2: Disable the loopback check (the less-recommended method) </span><span><br /><br /><span>Warning</span> This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.</span><br /><br />The second method is to disable the loopback check by setting the <span>DisableLoopbackCheck</span> registry entry.<br /><br />To set the <span>DisableLoopbackCheck</span> registry key, follow these steps:<br /><br /><ol><li>Set the DisableStrictNameChecking registry entry to 1. <span>For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/281308”>281308 </a> Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name<br /></div></span></li><li>Click <strong>Start</strong>, click <strong>Run</strong>, type <span>regedit</span>, and then click <strong>OK</strong>.</li><li>In Registry Editor, locate and then click the following registry key:<br /><div><strong><strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa</strong></strong></div></li><li>Right-click <strong>Lsa</strong>, point to <strong>New</strong>, and then click <strong>DWORD Value</strong>.</li><li>Type <span>DisableLoopbackCheck</span>, and then press ENTER.</li><li>Right-click <strong>DisableLoopbackCheck</strong>, and then click <strong>Modify</strong>.</li><li>In the <strong>Value data</strong> box, type <span>1</span>, and then click <strong>OK</strong>.</li><li>Exit Registry Editor, and then restart your computer.</li></ol>For more information, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href=“https://support.microsoft.com/en-us/help/926642”>926642 </a> Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: “Access denied” or “No network provider accepted the given network path” </div></li><li><span>Known issue 3</span><br /><br />After you install this security update on a Windows Small Business Server-based computer that is running Windows SharePoint Services 3.0, in some scenarios, the SharePoint Companyweb and Central Administration pages may not be available. For more information about this issue and about how to resolve the issue, visit the following Microsoft TechNet webpage: <div><a href=“http://blogs.technet.com/b/sbs/archive/2010/06/18/companyweb-and-sharepoint-central-admin-not-accessible-after-installing-kb983444.aspx” target=“_self”>http://blogs.technet.com/b/sbs/archive/2010/06/18/companyweb-and-sharepoint-central-admin-not-accessible-after-installing-kb983444.aspx</a></div></li><li><span>Known issue 4</span><br /><br />This security update may appear multiple times in the <strong>Installed Updates</strong> list after you install it. This occurs because this update is applied to multiple Office applications. </li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494001”>2494001 </a> MS11-074: Description of the security update for Microsoft SharePoint Foundation 2010: September 13, 2011 <br /><br />Known issues in security update 2494001:<ul><li>The InfoPath browser forms that contain the Person/Group Picker fields that are bound to controls that reside on multiple views do not keep their values on when you switch views.<br /><br />To work around this issue, you can install the following August SharePoint Cumulative Update:<div><a href=“https://support.microsoft.com/en-us/help/2553031”>2553031 </a> Description of the SharePoint Foundation 2010 hotfix package (sts-x-none.msp): August 30, 2011 </div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494007”>2494007 </a> MS11-074: Description of the security update for Windows SharePoint Services 2.0: September 13, 2011 <br /><br /><br /><br />Known issues in security update 2494007:<br /><ul><li> After you install security update 2494007, some Data View Web Parts may stop rendering in a web browser. When the problem occurs, you may receive an error message that resembles the following:<br /><br /><br /><br /><div>Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Windows SharePoint Services-compatible HTML editor such as FrontPage. If the problem persists, contact your Web server administrator.<br /></div><br /><br />For more information about this known issue, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/2623732”>2623732 </a> Security Update MS11-074 for WSS 2.0/SPS 2003 breaks Data View Web Part<br /></div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2494022”>2494022 </a> MS11-074: Description of the security update for Office SharePoint Server 2010 (osrchwfe): September 13, 2011 </li><li><a href=“https://support.microsoft.com/en-us/help/2508964”>2508964 </a> MS11-074: Description of the security update for Microsoft Office SharePoint Server 2007 (coreserver.msp): September 13, 2011 <br /><br />Known issues in security update 2508964:<ul><li><span>Known issue 1</span><br /><br /><span>Symptom</span><div>If the SharePoint Products and Technologies Configuration Wizard does not finish its task, SharePoint may be left in an inconsistent state. You may be unable to browse the Central Administration or SharePoint site, and you may receive one of the following error messages:<br /><br /><span>Error message 1<br /><br /></span><div>Server Error: http://go.microsoft.com/fwlink?LinkID=96177</div><br /><span>Error message 2<br /><br /></span><div>HTTP 404 Not Found</div><br /><span>Error message 3<br /><br /></span><div>Cannot connect to the configuration database</div></div><br /><span>Resolution</span><br /><br /> For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href=“https://support.microsoft.com/en-us/help/944267”>944267 </a> How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007 </div></li><li><span>Known issue 2</span><br /><br /><span>Symptom</span><br /><br />Users are prompted for authentication when they try to browse a SharePoint site. Windows Server 2003 SP1 and Windows Server 2008 include a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the fully qualified domain (FQDN) or the custom host header that you use does not match the local computer name.<br /><br /><span>Workaround</span><br /><br />There are two methods to work around this issue. Use one of the following methods, as appropriate for your situation.<br /><br /><span><span>Important </span>This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href=“https://support.microsoft.com/en-us/help/322756”>322756 </a>How to back up and restore the registry in Windows </div></span><br /><span>Method 1: Specify host names (the preferred method for NTLM authentication)</span><br /><br />To specify the host names that are mapped to the loopback address and can connect to websites on your computer, follow these steps:<ol><li>Set the <span>DisableStrictNameChecking </span>registry entry to 1. <span>For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/281308”>281308 </a> Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name<br /></div></span></li><li>Click <strong>Start</strong>, click <strong>Run</strong>, type <span>regedit</span>, and then click <strong>OK</strong>.</li><li>In Registry Editor, locate and then click the following registry key:<br /><div><strong><strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0</strong></strong></div></li><li>Right-click <strong>MSV1_0</strong>, point to <strong>New</strong>, and then click <strong>Multi-String Value</strong>.</li><li>Type <span>BackConnectionHostNames</span>, and then press ENTER.</li><li>Right-click <strong>BackConnectionHostNames</strong>, and then click <strong>Modify</strong>.</li><li>In the <strong>Value data</strong> box, type the host name or the host names for the sites that are on the local computer, and then click <strong>OK</strong>.</li><li>Exit Registry Editor, and then restart the IISAdmin service.</li></ol><br /><span>Method 2: Disable the loopback check (the less-recommended method) </span><span><br /><br /><span>Warning</span> This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.</span><br /><br />The second method is to disable the loopback check by setting the <span>DisableLoopbackCheck</span> registry entry.<br /><br />To set the <span>DisableLoopbackCheck</span> registry key, follow these steps:<br /><ol><li>Set the DisableStrictNameChecking registry entry to 1. <span>For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:<br /><div><a href=“https://support.microsoft.com/en-us/help/281308”>281308 </a> Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name<br /></div></span></li><li>Click <strong>Start</strong>, click <strong>Run</strong>, type <span>regedit</span>, and then click <strong>OK</strong>.</li><li>In Registry Editor, locate and then click the following registry key:<br /><div><strong><strong>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa</strong></strong></div></li><li>Right-click <strong>Lsa</strong>, point to <strong>New</strong>, and then click <strong>DWORD Value</strong>.</li><li>Type <span>DisableLoopbackCheck</span>, and then press ENTER.</li><li>Right-click <strong>DisableLoopbackCheck</strong>, and then click <strong>Modify</strong>.</li><li>In the <strong>Value data</strong> box, type <span>1</span>, and then click <strong>OK</strong>.</li><li>Exit Registry Editor, and then restart your computer.</li></ol>For more information, click the following article number to view the article in the Microsoft Knowledge Base: <div><a href=“https://support.microsoft.com/en-us/help/926642”>926642 </a> Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: “Access denied” or “No network provider accepted the given network path”</div></li><li><span>Known issue 3</span><br /><br />After you install this security update on a Windows Small Business Server-based computer that is running Office SharePoint Server 2007, in some scenarios, the SharePoint Companyweb and Central Administration pages may not be available. For more information about this issue and about how to resolve the issue, visit the following Microsoft TechNet webpage: <div><a href=“http://blogs.technet.com/b/sbs/archive/2010/06/18/companyweb-and-sharepoint-central-admin-not-accessible-after-installing-kb983444.aspx” target=“_self”>http://blogs.technet.com/b/sbs/archive/2010/06/18/companyweb-and-sharepoint-central-admin-not-accessible-after-installing-kb983444.aspx</a></div></li><li><span>Known issue 4</span><br /><br />This security update may appear multiple times in the <strong>Installed Updates</strong> list after you install it. This occurs because this update is applied to multiple Office applications. </li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2508965”>2508965 </a> MS11-074: Description of the security update for Groove Server 2010 (ems.msp, emsmui.msp, grs.msp): September 13, 2011 <br /><br />Known issues in security update 2508965:<ul><li>Even if you have a successful installation, you may find that the entry for this security update is missing in Add or Remove Programs.<br /><br />To determine whether the update is already installed on the system, save the following Visual Basic script as “Groove_KB2508965_Check.vbs.” Then, run it with administrative credentials. The script displays a dialog box that shows the detection results.<div><pre><code>Set msi = CreateObject(“WindowsInstaller.Installer”)<br /><br />sMspTargets = “{90140000-1106-0000-1000-0000000FF1CE};{90140000-1109-0000-1000-0000000FF1CE}”<br /><br />sResult = “”<br /><br />For Each prod in msi.Products<br /><br /> If InStr(sMspTargets,prod) > 0 Then<br /><br /> sPatchCode = “{6EA8F18D-803D-4CB7-AC71-F674B7500670}”<br /><br /> If prod = “{90140000-1109-0000-1000-0000000FF1CE}” Then sPatchCode = “{ACF593FE-E06A-44AB-8872-A8C1BDDE93F5}”<br /><br /> fMspInstalled = False<br /><br /> Set Patches = msi.PatchesEx(prod,“”,4,3)<br /><br /> For Each msp in Patches<br /><br /> If msp.PatchCode = sPatchCode Then<br /><br /> sResult = sResult & msi.ProductInfo(prod,“ProductName”) & “: The update is already installed on this system.” & vbCrLf<br /><br /> fMspInstalled = True<br /><br /> Exit For<br /><br /> End If<br /><br /> Next<br /><br /> If Not fMspInstalled Then sResult = sResult & msi.ProductInfo(prod,“ProductName”) & “: The update is not installed on this system.” & vbCrLf<br /><br /> End If<br /><br />Next<br /><br />If sResult = “” Then sResult = "There are no products affected by this package on this system."MsgBox sResult,"Security Update for Microsoft Groove Server 2010 (KB2508965)“2508965)”</code></pre></div></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2552997”>2552997 </a> MS11-074: Description of the security update for Groove 2007 (groove.msp): September 13, 2011<br /><br />Known issues in security update 2552997:<ul><li>The Groove security update does not appear up in Add or Remove Programs. The system administrator can determine whether the update is installed by opening the SharePoint Configuration Manager console.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2552998”>2552998 </a> MS11-074: Description of the security update for Groove Server 2007 (ems.msp, emsmui.msp): September 13, 2011<br /><br />Known issues in security update 2552998:<ul><li>The Groove security update does not appear up in Add or Remove Programs. The system administrator can determine whether the update is installed by opening the SharePoint Configuration Manager console.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2552999”>2552999 </a> MS11-074: Description of the security update for Office Groove Server 2007 Data Bridge: September 13, 2011<br /><br />Known issues in security update 2552999: <ul><li>The Groove security update does not appear up in Add or Remove Programs. The system administrator can determine whether the update is installed by opening the SharePoint Configuration Manager console.</li><li>You may receive the following message: <div><div>After this update completes, run the SharePoint Products and Technologies Configuration Wizard to finalize the update.</div></div>You receive this message in error, and the error condition does not apply.</li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2553001”>2553001 </a> MS11-074: Description of the security update for Office SharePoint Server 2007: September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2553002”>2553002 </a> MS11-074: Description of the security update for Office SharePoint Server 2007 for Search: September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2553003”>2553003 </a> MS11-074: Description of the security update for Office SharePoint Server 2007 (dlc): September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2553005”>2553005 </a> MS11-074: Description of the security update for Office Forms Server 2007 (ipfs.msp): September 13, 2011 </li><li><a href=“https://support.microsoft.com/en-us/help/2560885”>2560885 </a> MS11-074: Description of the security update for SharePoint Server 2010 (osrv): September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2560890”>2560890 </a> MS11-074: Description of the security update for SharePoint Server 2010 (pplwfe): September 13, 2011<br /><br />Known issues in security updatge 2560890: <ul><li>After you install this security update, profile synchronization may stop functioning and you may find an error message that resembles the following in EventVwr:<div><div>The server encountered an unexpected error and stopped. <br />"BAIL: MMS(2532): storeimp.cpp(308): 0x80230443 (Service start up has failed. Cannot open the FIM Synchronization Service database because the database schema version in existing database does not match the required version.)</div></div><span>Resolution</span><br /><br />You must restart the User Profile Synchronization Service for profile synchronization to work correctly.<ol><li>Open <strong>Central Administration</strong>. </li><li>Click <strong>Manage Services</strong> on the <strong>System Settings</strong> section. </li><li>Find <strong>User Profile Synchronization Service</strong> in the list of services and then click <strong>Stop</strong> if its status is <strong>Started</strong>. Click <strong>Start</strong> and provide the credentials to start the <strong>User Profile Synchronization Service</strong>.</li></ol></li></ul></li><li><a href=“https://support.microsoft.com/en-us/help/2566445”>2566445 </a> MS11-074: Description of the security update for SharePoint Workspace 2010: September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2566449”>2566449 </a> MS11-074: Description of the security update for Microsoft Office 2010 Web Apps: September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2566450”>2566450 </a> MS11-074: Description of the security update for Microsoft Word Online 2010: September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2566456”>2566456 </a> MS11-074: Description of the security update for Microsoft SharePoint Server 2010: September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2566954”>2566954 </a> MS11-074: Description of the security update for SharePoint Server 2010 (dlc): September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2566958”>2566958 </a> MS11-074: Description of the security update for SharePoint Server 2010 (ppsmamui): September 13, 2011</li><li><a href=“https://support.microsoft.com/en-us/help/2566960”>2566960 </a> MS11-074: Description of the security update for SharePoint Server 2010 (wosrv): September 13, 2011</li></ul></div></body></html>