The Microsoft SharePoint servers remain vulnerable but a patch is on its way, data security firm Imperva has said.
“Since April 12, all Microsoft SharePoint users have been vulnerable to a web-based attack on their help.aspx page,” says Imperva.
The problem was identified on April 29th and Microsoft has since been working on a fix.
The patch is due for release on June 8th “possibly for the web interface” adds Imperva.
“Everyone with a public facing SharePoint portal needs a web application firewall (WAF) to mitigate this vulnerability while waiting for Microsoft to release a patch. Many organisations have unprotected SharePoint servers accessible from the Internet, for partners and customers to access.”
10 patches are expected to be released next week as part of the latest Microsoft update.