09.29 update: Microsoft has released a patch. For a detailed description, see: http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
A security conference a few days ago disclosed an ASP.NET security vulnerability (in both versions 1.0 and 4.0). Attackers can use it to obtain the website's web.config file (which usually stores sensitive information, such as database connection strings) and to obtain the encrypted information in ViewState.
Microsoft released a workaround two days ago. This security risk affects the following SharePoint products:
- SharePoint 2010 Server & Foundation
- Office SharePoint Server 2007
- Windows SharePoint Services 3.0 & 2.0
A temporary solution is as follows:
For SharePoint 2010 (Server & Foundation):
1. Go to the layouts directory of the front-end server (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS)
2. Create an error2.aspx with the following content:
<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
    void Page_Load() {
        // Sleep for a random 0-255 ms so every error response takes a varying time.
        byte[] delay = new byte[1];
        RandomNumberGenerator prng = new RNGCryptoServiceProvider();

        prng.GetBytes(delay);
        Thread.Sleep((int)delay[0]);

        IDisposable disposable = prng as IDisposable;
        if (disposable != null) { disposable.Dispose(); }
    }
</script>

<html>
<head runat="server">
    <title>Error</title>
</head>
<body>
    <div>
        An error occurred while processing your request.
    </div>
</body>
</html>
3. Go to the IIS virtual directory (%SystemDrive%\inetpub\wwwroot\wss\VirtualDirectories)
4. In the virtual directory of each website, modify the customErrors node in web.config:
<customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="/_layouts/error2.aspx" />
5. Go to the ISAPI directory of the SharePoint root (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\ISAPI)
6. Back up the web.config file and add the following content before <system.web>:
<system.webServer>
    <handlers>
        <remove name="AssemblyResourceLoader-Integrated-4.0" />
        <remove name="AssemblyResourceLoader-Integrated" />
    </handlers>
</system.webServer>
7. Restart IIS
For SharePoint 2007 (MOSS & WSS 3.0):
1. Go to the ISAPI subdirectory of the 12 directory (%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\ISAPI)
2. Back up web.config and add the following content after <customErrors mode="On" />:
<httpHandlers>
    <remove path="WebResource.axd" verb="GET" />
</httpHandlers>
3. Restart IIS
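One way to confirm that the edits from both procedures above are present in a given web.config, as an added example that is not part of the original article or of Microsoft's guidance. The function names `Get-CustomErrorsFindings` and `Get-HandlerFindings` are hypothetical, the XML samples are constructed, and the script assumes the `<configuration>` element carries no XML namespace.

```powershell
# Added example (not the page's or Microsoft's code): report which workaround
# settings from the steps above are absent from a web.config.
# Assumes <configuration> has no xmlns, so plain XPath expressions match.
function Get-CustomErrorsFindings {
    param([Parameter(Mandatory = $true)][xml]$Config)
    $ce = $Config.SelectSingleNode('/configuration/system.web/customErrors')
    if ($null -eq $ce) { return 'customErrors element is missing' }
    # mode and redirectMode are enum values and case-sensitive in ASP.NET config.
    if ($ce.GetAttribute('mode') -cne 'On') {
        "mode is '$($ce.GetAttribute('mode'))', expected 'On'"
    }
    if ($ce.GetAttribute('redirectMode') -cne 'ResponseRewrite') {
        "redirectMode is '$($ce.GetAttribute('redirectMode'))', expected 'ResponseRewrite'"
    }
    if ($ce.GetAttribute('defaultRedirect') -ine '/_layouts/error2.aspx') {
        "defaultRedirect is '$($ce.GetAttribute('defaultRedirect'))', expected '/_layouts/error2.aspx'"
    }
}

function Get-HandlerFindings {
    param([Parameter(Mandatory = $true)][xml]$Config,
          [ValidateSet('14', '12')][string]$Hive = '14')
    # 14 = SharePoint 2010 ISAPI web.config, 12 = SharePoint 2007 ISAPI web.config.
    $required = if ($Hive -eq '14') {
        '/configuration/system.webServer/handlers/remove[@name="AssemblyResourceLoader-Integrated-4.0"]',
        '/configuration/system.webServer/handlers/remove[@name="AssemblyResourceLoader-Integrated"]'
    } else {
        '/configuration/system.web/httpHandlers/remove[@path="WebResource.axd"][@verb="GET"]'
    }
    $required | Where-Object { $null -eq $Config.SelectSingleNode($_) } |
        ForEach-Object { "missing: $_" }
}

# Constructed sample: a web application web.config where only mode="On" was set.
$webApp = [xml]@'
<configuration><system.web><customErrors mode="On" /></system.web></configuration>
'@
# Constructed sample: a 14\ISAPI web.config with one of the two handlers removed.
$isapi = [xml]@'
<configuration><system.webServer><handlers>
  <remove name="AssemblyResourceLoader-Integrated" />
</handlers></system.webServer><system.web /></configuration>
'@
@(Get-CustomErrorsFindings -Config $webApp) + @(Get-HandlerFindings -Config $isapi -Hive 14) |
    ForEach-Object { "FINDING: $_" }
```

On a front-end server, pass `[xml](Get-Content <path to web.config>)` for each file under the directories named in the steps instead of the constructed samples; an empty result means every checked setting is present.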
Reference articles:
1. Important: ASP.NET Security Vulnerability
2. Security Advisory 2416728 (Vulnerability in ASP.NET) and SharePoint