MS10-072: Description of the security update for Windows SharePoint Services 3.0: October 12, 2010

Article translations Article translations
Article ID: 2345304 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS10-072. To view the complete security bulletin, visit one of the following Microsoft websites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

More information about this security update

Prerequisites to apply this security update

The following list contains prerequisites for the security update:
  • You must have Windows SharePoint Services 3.0 Service Pack 2 or a later version installed to apply this security update. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    949582 How to obtain the latest service pack for Windows SharePoint Services 3.0

Known issues with this security update

  • Known issue 1

    Symptom
    If the SharePoint Products and Technologies Configuration Wizard does not finish its task, SharePoint may be left in an inconsistent state. You may be unable to browse the Central Administration or SharePoint site, and you receive one of the following error messages:

    Error message 1

    Server Error: http://go.microsoft.com/fwlink?LinkID=96177

    Error message 2

    HTTP 404 Not Found

    Error message 3

    Cannot connect to the configuration database

    Resolution

    For more information about how to resolve this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    944267 How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007
  • Known issue 2

    Symptom

    Users are prompted for authentication when they try to browse a SharePoint site. Windows Server 2003 SP1 and Windows Server 2008 include a loopback check security feature that helps prevent reflection attacks on your computer. Therefore, authentication fails if the fully qualified domain name (FQDN) or the custom host header that you use does not match the local computer name.

    Workaround

    There are two methods to work around this issue. Use one of the following methods, as appropriate for your situation.

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756 How to back up and restore the registry in Windows

    Method 1: Specify host names (the preferred method for NTLM authentication)

    To specify the host names that are mapped to the loopback address and can connect to websites on your computer, follow these steps:
    1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
      281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
    2. Click Start, click Run, type regedit, and then click OK.
    3. In Registry Editor, locate and then click the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
    4. Right-click MSV1_0, point to New, and then click Multi-String Value.
    5. Type BackConnectionHostNames, and then press ENTER.
    6. Right-click BackConnectionHostNames, and then click Modify.
    7. In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
    8. Exit Registry Editor, and then restart the IISAdmin service.

    Method 2: Disable the loopback check (the less-recommended method)

    Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

    The second method is to disable the loopback check by setting the DisableLoopbackCheck registry entry.

    To set the DisableLoopbackCheck registry key, follow these steps:
    1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
      281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
    2. Click Start, click Run, type regedit, and then click OK.
    3. In Registry Editor, locate and then click the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    4. Right-click Lsa, point to New, and then click DWORD Value.
    5. Type DisableLoopbackCheck, and then press ENTER.
    6. Right-click DisableLoopbackCheck, and then click Modify.
    7. In the Value data box, type 1, and then click OK.
    8. Exit Registry Editor, and then restart your computer.
    For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    926642 Error message when you try to access a server locally by using its FQDN or its CNAME alias after you install Windows Server 2003 Service Pack 1: "Access denied" or "No network provider accepted the given network path"
  • Known issue 3

    After you install this security update on a Windows Small Business Server-based computer that is running Windows SharePoint Services 3.0, in some scenarios, the SharePoint Companyweb and Central Administration pages may not be available. For more information about this issue and about how to resolve the issue, visit the following Microsoft TechNet webpage:
    http://blogs.technet.com/b/sbs/archive/2010/06/18/companyweb-and-sharepoint-central-admin-not-accessible-after-installing-kb983444.aspx
  • Known issue 4

    This security update may appear multiple times in the Installed Updates list after you install it. This occurs because this update is applied to multiple Office applications.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
944267 How to troubleshoot common errors that occur when you run the SharePoint Products and Technologies Configuration Wizard on a computer that is running Windows SharePoint Services 3.0 or SharePoint Server 2007

Restart information

You do not have to restart the computer after you install this security update.

Security update replacement information

This security update replaces the following security update:
983444 MS10-039: Description of the security update for Windows SharePoint Services 3.0: June 8, 2010

Removal information

You cannot remove this security update.

File information

The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For Windows SharePoint Services 3.0, 32-bit Edition:
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Camlqry.xsdNot applicable9,58102-Feb-201008:25
Cfgupddl.sqlNot applicable13809-Jul-201001:06
Configdb.sqlNot applicable65,94709-Jul-201001:54
Configup.sqlNot applicable49,18009-Jul-201001:06
Create.asxNot applicable16,35028-Oct-200917:29
Depl.xsdNot applicable62,67206-Apr-201008:52
Dwdcw20.dll12.0.6545.5000438,61611-Aug-201019:22
Dws.asxNot applicable4,44128-Oct-200917:29
Feature_0003.xmlNot applicable51112-Mar-200905:12
Fldswss.xmlNot applicable214,91303-Feb-201007:40
Msscntrs.dll_0001.x8612.0.6529.500088,40803-Feb-201009:24
Mssdmn.exe_0001.x8612.0.6539.5000280,94409-Jun-201008:49
Mssearch.exe_0005.x8612.0.6539.5000156,05609-Jun-201008:49
Mssph.dll_0001.x8612.0.6544.5000701,77604-Aug-201008:03
Mssrch.dll_0001.x8612.0.6539.50002,063,69609-Jun-201008:49
Nlhtml.dll_0002.x862008.1231.6510.5000123,24022-Jun-200911:59
Offfilt.dll_0002.x862008.1231.6532.5000199,53620-Mar-201009:15
Offprsx.dll12.0.6529.50001,133,46403-Feb-201008:20
Onetutil.dll12.0.6545.50021,980,28024-Aug-201020:59
Owssvr.dll_000112.0.6545.50023,024,76024-Aug-201021:42
Owstimer.exe_000112.0.6520.500054,62413-Oct-200906:14
Query9x.dll_0002.x8612.0.6510.500081,21617-Jun-200923:27
Rgnldflt.xmlNot applicable14,76009-Jul-201001:11
Schema.xml_announceNot applicable92,05423-Apr-200905:30
Schema.xml_discussNot applicable325,96303-Feb-201007:40
Schema.xml_usersNot applicable371,41610-Sep-200903:21
Searchom.dll_0003.x8612.0.6545.50001,462,65612-Aug-201002:13
Searchom.dll_0005.x8612.0.6545.50001,462,65612-Aug-201002:13
Sigcfg.cerNot applicable68909-Jul-201001:54
Sigcfg.dllNot applicable8,03209-Jul-201001:54
Sigcfg.sqlNot applicable41,76109-Jul-201001:54
Sigsdb.cer.x86Not applicable68903-Feb-201009:24
Sigsdb.dll.x86Not applicable8,03203-Feb-201009:24
Sigsdb.sql.x86Not applicable154,21103-Feb-201009:24
Sigstore.cerNot applicable68911-Aug-201019:13
Sigstore.dllNot applicable8,02411-Aug-201019:13
Sigstore.sqlNot applicable403,49411-Aug-201019:13
Store.sqlNot applicable2,760,84111-Aug-201019:13
Storeup.sqlNot applicable2,685,96411-Aug-201017:38
Stoupddl.sqlNot applicable13809-Jul-201001:06
Stsadm.exe12.0.6539.5000571,29611-Jun-201004:24
Stsap.dll12.0.6536.5000628,63228-Apr-201001:16
Stslib.dll_000112.0.6517.5000128,87218-Sep-200905:41
Stsom.dll12.0.6545.50029,570,16824-Aug-201021:42
Stsom.dll_000112.0.6545.50029,570,16824-Aug-201021:42
Stssoap.dll12.0.6535.5000313,20808-Apr-201011:57
Stswel.dll12.0.6545.50021,936,76024-Aug-201021:42
Stswfacb.dll12.0.6505.5000194,44006-May-200914:35
Stswfact.dll12.0.6505.5000194,44006-May-200914:35
Timezone.xmlNot applicable64,37509-Jul-201001:11
Tquery.dll_0002.x8612.0.6542.50002,357,58421-Jul-201006:59
Wss.rsxNot applicable453,41003-Feb-201007:37
Wss.search.sql.x86Not applicable431,50103-Feb-201009:24
Wss.search.up.sql.x86Not applicable338,77603-Feb-201008:41
Wss.xsdNot applicable72,86712-Aug-200901:10
Wsspreupgradecheck.xmlNot applicable10,57413-Oct-200905:24
Xmlfiltr.dll.x862008.1231.6514.5000102,24818-Aug-200907:42
For Windows SharePoint Services 3.0, 64-bit Edition:
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Camlqry.xsdNot applicable9,58102-Feb-201008:25Not applicable
Cfgupddl.sqlNot applicable13809-Jul-201001:06Not applicable
Configdb.sqlNot applicable65,94709-Jul-201001:54Not applicable
Configup.sqlNot applicable49,18009-Jul-201001:06Not applicable
Create.asxNot applicable16,35028-Oct-200917:29Not applicable
Depl.xsdNot applicable62,67206-Apr-201008:52Not applicable
Dwdcw20.dll12.0.6545.50001,093,46411-Aug-201017:31x64
Dws.asxNot applicable4,44128-Oct-200917:29Not applicable
Feature_0003.xmlNot applicable51112-Mar-200905:12Not applicable
Fldswss.xmlNot applicable214,91303-Feb-201007:40Not applicable
Msscntrs.dll_0001.x6412.0.6529.5000437,08003-Feb-201008:46Not applicable
Mssdmn.exe_0001.x6412.0.6539.5000797,04009-Jun-201006:58Not applicable
Mssearch.exe_0005.x6412.0.6539.5000572,31209-Jun-201006:58Not applicable
Mssph.dll_0001.x6412.0.6544.50001,956,17604-Aug-201008:18Not applicable
Mssrch.dll_0001.x6412.0.6539.50004,758,86409-Jun-201006:58Not applicable
Nlhtml.dll_0002.x642008.1231.6510.5000228,19217-Jun-200921:48Not applicable
Offfilt.dll_0002.x642008.1231.6532.5000387,95217-Mar-201011:57Not applicable
Offprsx.dll12.0.6529.50001,760,15203-Feb-201008:25x64
Onetutil.dll12.0.6545.50023,385,20824-Aug-201020:52x64
Owssvr.dll_000112.0.6545.50025,163,89624-Aug-201021:26Not applicable
Owstimer.exe_000112.0.6520.500089,44013-Oct-200906:03Not applicable
Query9x.dll_0002.x6412.0.6510.5000219,45617-Jun-200923:01Not applicable
Rgnldflt.xmlNot applicable14,76009-Jul-201001:11Not applicable
Schema.xml_announceNot applicable92,05423-Apr-200905:30Not applicable
Schema.xml_discussNot applicable325,96303-Feb-201007:40Not applicable
Schema.xml_usersNot applicable371,41610-Sep-200903:21Not applicable
Searchom.dll_0003.x6412.0.6545.50001,565,05611-Aug-201019:55Not applicable
Searchom.dll_0005.x6412.0.6545.50001,565,05611-Aug-201019:55Not applicable
Sigcfg.cerNot applicable68909-Jul-201001:54Not applicable
Sigcfg.dllNot applicable8,03209-Jul-201001:54x86
Sigcfg.sqlNot applicable41,76109-Jul-201001:54Not applicable
Sigsdb.cer.x64Not applicable68903-Feb-201009:24Not applicable
Sigsdb.dll.x64Not applicable8,03203-Feb-201009:24Not applicable
Sigsdb.sql.x64Not applicable154,21103-Feb-201009:24Not applicable
Sigstore.cerNot applicable68911-Aug-201019:13Not applicable
Sigstore.dllNot applicable8,02411-Aug-201019:13x86
Sigstore.sqlNot applicable403,49411-Aug-201019:13Not applicable
Store.sqlNot applicable2,760,84111-Aug-201019:13Not applicable
Storeup.sqlNot applicable2,685,96411-Aug-201017:38Not applicable
Stoupddl.sqlNot applicable13809-Jul-201001:06Not applicable
Stsadm.exe12.0.6539.5000571,29611-Jun-201005:07x86
Stsap.dll12.0.6536.5000628,63228-Apr-201001:03x86
Stslib.dll_000112.0.6517.5000128,87218-Sep-200905:32Not applicable
Stsom.dll12.0.6545.50029,570,16824-Aug-201021:26x86
Stsom.dll_000112.0.6545.50029,570,16824-Aug-201021:26Not applicable
Stssoap.dll12.0.6535.5000313,20808-Apr-201011:41x86
Stswel.dll12.0.6545.50023,328,88824-Aug-201021:26x64
Stswfacb.dll12.0.6505.5000194,45606-May-200914:15x86
Stswfact.dll12.0.6505.5000194,45606-May-200914:15x86
Timezone.xmlNot applicable64,37509-Jul-201001:11Not applicable
Tquery.dll_0002.x6412.0.6542.50004,783,95221-Jul-201006:05Not applicable
Wss.rsxNot applicable453,41003-Feb-201007:37Not applicable
Wss.search.sql.x64Not applicable431,50103-Feb-201009:24Not applicable
Wss.search.up.sql.x64Not applicable338,77603-Feb-201008:41Not applicable
Wss.xsdNot applicable72,86712-Aug-200901:10Not applicable
Wsspreupgradecheck.xmlNot applicable10,57413-Oct-200905:24Not applicable
Xmlfiltr.dll.x642008.1231.6514.5000204,13614-Aug-200915:25Not applicable

Properties

Article ID: 2345304 - Last Review: June 21, 2014 - Revision: 5.0
Applies to
  • Microsoft Windows SharePoint Services 3.0
Keywords: 
kbqfe kbbug kbfield kbsecbulletin kbsecurity kbsecurityservices kbsecvulnerability kbsurveynew kbexpertiseinter KB2345304

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com