MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services could allow cross-site scripting and spoofing attacks (887981)


The information in this article applies to:

  • Microsoft Windows SharePoint Services
Microsoft has released security bulletin MS05-006. The security bulletin contains all the relevant information about the security update. This includes the file manifest information and the deployment options. To view the security bulletin, visit the following Microsoft Web sites:

SharePoint Team Services from Microsoft

Microsoft has released an update to SharePoint Team Services from Microsoft that resolves the issues that are described in MS05-006. The issues that are described in MS05-006 are resolved on computers that have SharePoint Team Services from Microsoft installed. For more information about this update, click the following article number to view the article in the Microsoft Knowledge Base:

890829 Description of the Security Update for SharePoint Team Services: February 8, 2005

Known issues

Known issues that may occur after the security update is installed

When you connect to your Microsoft Windows SharePoint Services Web site after you install the SharePoint Team Services security update, you may receive an error message. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

841216 "0x80040E14" or "HTTP 500" error message when you connect to your Windows SharePoint Services Web site after you install a Windows SharePoint Services service pack or a security update

Special considerations for Turkish-language customers

Microsoft Windows SharePoint Services displays the value of the Turkish Lira only in TL format. When you add a Currency column in Windows SharePoint Services, there is no option to configure the column so that the value of the Turkish Lira is displayed in the old TL format and in the new YTL format.

Note This update resolves the Turkish Lira issue for only the Turkish-language version and English-language version of Windows SharePoint Services.

To resolve the Turkish Lira issue, you must do the following:
  • Install the Security Update for Windows SharePoint Services (KB887981) on the computer that is running Windows SharePoint Services.
  • Install the Update for Office 2003 (KB887980) on the computer that is running Microsoft Office FrontPage 2003.
For more information about the update for Office 2003 (KB887980), click the following article number to view the article in the Microsoft Knowledge Base:

887980 Description of the update for Office 2003: February 8, 2005

Issues that the security update fixes

Besides the issues that are described in the security bulletin, the Security Update for Windows SharePoint Services (KB887981) addresses the issues that are described in the following Microsoft Knowledge Base articles:

  • 886676 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: October 12, 2004











  • 867811 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: September 16, 2004




  • 887810 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: October 19, 2004


  • 888505 Description of the Windows SharePoint Services post-Service Pack 1 hotfix package: November 13, 2004


  • 827930 Error messages when you delete or rename large folders or sites in Windows SharePoint Services


  • 890337 Description of the Microsoft Office FrontPage 2003 post-Service Pack 1 hotfix package: December 3, 2004

Besides the issues that are described in the security bulletin, the Security Update for Windows SharePoint Services (KB887981) addresses the following Windows SharePoint Services issues that were not previously documented in a Microsoft Knowledge Base article:
  • After you uninstall Windows SharePoint Services, the WMSDE SQL Service (MSSQL$SHAREPOINT service) continues to run. Additionally, its Startup type is set to Automatic.
  • You receive the following error message when you try to enable a full-text search in the SearchAdmin.aspx Web page:
    Thread was being aborted
  • Users without permissions to a Windows SharePoint Web site can upload files by using the PUT method with the "If-None-Match" clause.
  • You receive the following error message:
    The content databases in this cluster have exceeded the warning Web site count. Either change the content database Web site capacity settings or add more content databases.
    Note This error message occurs when you restore a site even if the content databases in the cluster have not exceeded the maximum limit.
  • When a restore operation fails, an entry for the site that you want to restore is added in the config database.

Error signature details

The following table contains error signatures. You can use this table to assess your needs of applying the security update.
szAppNameszAppVerszModNameszModVerOffset
w3wp.exe6.0.3790.0stswel.dll11.0.5530.00002b563
w3wp.exe6.0.3790.0stswel.dll11.0.6361.0000417f5
w3wp.exe6.0.3790.0stswel.dll11.0.5507.00002b565
w3wp.exe6.0.3790.0stswel.dll11.0.5329.10002b388
w3wp.exe6.0.3790.0stswel.dll11.0.5530.00002b560
w3wp.exe6.0.3790.0stswel.dll11.0.5528.00002b563
w3wp.exe6.0.3790.0owssvr.dll11.0.5530.00017354a
w3wp.exe6.0.3790.0owssvr.dll11.0.5329.60017289c
w3wp.exe6.0.3790.0owssvr.dll11.0.5110.3001609af
w3wp.exe6.0.3790.1069onetutil.dll11.0.5530.0000a8021
w3wp.exe6.0.3790.1069onetutil.dll11.0.5530.0000a8015
w3wp.exe6.0.3790.0onetutil.dll11.0.5530.0000a8021
w3wp.exe6.0.3790.0onetutil.dll11.0.5530.0000a8015
w3wp.exe6.0.3790.0onetutil.dll11.0.6358.0000a840a
w3wp.exe6.0.3790.0onetutil.dll11.0.6358.0000a83fe
Modification Type:MinorLast Reviewed:7/5/2006
Keywords:kbWSSSP2fix atDownload kbBug KbSECVulnerability KbSECBulletin kbSecurity kbDownload kbfix kbUpdate KB887981 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.