Today one of my client stated that he could not open the ‘Set Blog Permissions’ link on one of this Blogs and got the error message.
I checked the same on my test site and see the same behavior. Now question is why this is happening?
To give you background: We have SharePoint Help disallowed in our environment due to loop whole for the vulnerability attach with the Help.aspx page as per the MS security Bulletin release. http://technet.microsoft.com/en-us/security/bulletin/MS10-039.
Just going a bit out of track from here, to suggest some other methods to disallow the help in SharePoint. To Disallowing access to the help content page can be manually done need to run a small SharePoint farm. Follow the steps.
- open up IIS management console
- find the web application responsible for the public portal
- find the _layouts virtual folder
- find the file help.aspx and open the Properties window for that file
- Change the access permissions for that file.
- repeat these steps for "HelpSearch.aspx", too
You'll have to repeat these steps on all servers in your web farm.
You can easily test whether or not your site is prone to the breach, by using below url on your site:
If your site is prone, you will see a JavaScript popup stating your site is hacked.
Hot fixes to resolve the vulnerabilities: WSS 3.0 hotfix: KB983444, MOSS hotfix: KB979445
Coming back to original question why ‘Set Blog Permissions’ link was not working for the client is that when we click the Set blog permissions link in the Admin web art page of the blog site. It tried to call the java script method/functions
“javascript:HelpWindowsKey(%27MS_WSS_SetBlogPermissions%27)”.
This script tries to call the Help.aspx, helpcontent.aspx page using HelpWindowsKey function. Since the Help doesn’t work so does this window.
No comments:
Post a Comment