So, been a while since my last post. This is caused by the dutch elections and of course the World Championship soccer in South Africa. General outcome, dutch team advanced to the next round and political landscape is a mess. Let us focus on SharePoint once again ;-)
We have reported this to Microsoft and they have released a hotfix to counter this problem. The hotfix is reported in KB arcticle KB 2028554. In intranet situations, the risk is minimal as the attack needs to come from the inside. But for internet facing sites, this could pose a problem. You can easily test whether or not your site is prone to the breach, by using below url on your site:
WSS 3.0 hotfix: KB983444
MOSS hotfix: KB979445
Both have 32 and 64 bit versions, which totals to 4. The fix we are looking for resides in the WSS 3.0 hotfix, although applying the MOSS hotfix also on a environment that is running MOSS is obviously a good thing. But to resolve the matter at hand, only the WSS hotfix is needed.
Till next time.