Friday, October 12, 2007

Important Security Hotfix for WSS

Please Install New Security Hotfix MS07-059

We will be releasing a security hotfix for Windows SharePoint Services MS07-059 on October 9th. Be sure to note that as Windows SharePoint Services 3.0 is included with all editions of Office SharePoint Server 2007, Microsoft Office Project Server 2007, and Performance Point Server as well as any others which include WSS 3.0 you need to apply this hotfix on those environments as well.

We recommend applying this hotfix during your next planned downtime, or change management window and scheduling this with priority. This hotfix contains previously released hotfixes including the DST (Daylight Savings Time) hotfix.

First, if you have deployed "host named site collections" previously known as "host header" sites you should wait to apply the hotfix if you have more than 50 host named site collections. We will be issuing a performance related fix related to the hotfix. This hotfix will include the same hotfixes as the October 9 public update in addition to the host named site collection update performance related hotfix. You need not wait if this does not apply.

The most important thing as the title suggests is this hotfix addresses a security vulnerability in Microsoft Windows SharePoint Services 3.0 that could allow cross-site scripting. This update resolves this vulnerability. Please read the entire contents of the KB article before applying the hotfix as there are a number of known issues which should be well understood.

934525 ( Description of the security update for Windows SharePoint Services 3.0: October 9, 2007
937832 ( Description of the security update for SharePoint Server 2007: October 9, 2007

To view the complete security bulletin, visit the following Microsoft Web site:

How to deploy software updates for Windows SharePoint Services 3.0

We recommend that you follow the process and procedures in the Deploy software updates for Windows SharePoint Services 3.0 topic for most deployment scenarios, from stand-alone server deployments to very large server farms.

If you are running Office SharePoint Server you may find additional guidance in the article Deploy software updates for Office SharePoint Server 2007.

Other relevant recent posts:

Hotfixes, Service packs, and password resets

Daylight Savings Time Hotfix post

No comments: