=====================================================================
                            CERT-Renater

                 Information Note No. 2008/VULN577
_____________________________________________________________________

DATE                 : 10/12/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Microsoft Office SharePoint Server.

======================================================================
KB957175
http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx
______________________________________________________________________

Microsoft Security Bulletin MS08-077 - Important

Vulnerability in Microsoft Office SharePoint Server Could Cause
Elevation of Privilege (957175)

Published: December 9, 2008

Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability. The
vulnerability could allow elevation of privilege if an attacker bypasses
authentication by browsing to an administrative URL on a SharePoint
site. A successful attack leading to elevation of privilege could result
in denial of service or information disclosure.

This security update is rated Important for all supported editions of
Microsoft Office SharePoint Server 2007 and Microsoft Search Server
2008. For more information, see the subsection, Affected and
Non-Affected Software, in this section.

For more information about the vulnerability, see the Frequently Asked
Questions (FAQ) subsection for the specific vulnerability entry under
the next section, Vulnerability Information.

Recommendation. Microsoft recommends that customers apply the update at
the earliest opportunity.

Known Issues. Microsoft Knowledge Base Article 957175 documents the
currently known issues that customers may experience when installing
this security update. The article also documents recommended solutions
for these issues.

Affected Software

  Microsoft Office SharePoint Server 2007 (32-bit editions)
  Microsoft Office SharePoint Server 2007 Service Pack 1 (32-bit editions)
  Microsoft Office SharePoint Server 2007 (64-bit editions)
  Microsoft Office SharePoint Server 2007 Service Pack 1 (64-bit editions)
  Microsoft Search Server 2008 (32-bit editions)*
  Microsoft Search Server 2008 (64-bit editions)**

  *  Includes Microsoft Search Server 2008 Express (32-bit)
  ** Includes Microsoft Search Server 2008 Express (64-bit)

Vulnerability Information

Access Control Vulnerability - CVE-2008-4032

An elevation of privilege vulnerability exists in Microsoft Office
SharePoint Server 2007 and Microsoft Office SharePoint Server 2007
Service Pack 1. The vulnerability could allow elevation of privilege if
an attacker bypasses authentication by browsing to an administrative URL
on a SharePoint site. A successful attack leading to elevation of
privilege could result in denial of service or information disclosure.

======================================================================

=========================================================
CERT-Renater reference servers

http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================