Yesterday, we released a security bulletin summary for December 2008. Within the bulletin summary, you will find Microsoft Security Bulletin MS08-077 which is a security update that resolves a privately reported vulnerability. This security update is rated as important and addresses the elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. The affected products are SharePoint Server 2007 and Search Server 2008. The security update was included within the October Cumulative Update so for those that have not applied the October CU, we recommend applying this security update at the earliest opportunity. Finally, we are planning to include this security update in Service Pack 2. Please follow best practices by testing and also make sure you have a recoverable backup of your environment before final deployment.
Jie Li & Dave PaeSharePoint Technical Product Manager