This evening, Microsoft published a newly-reported security vulnerability in SharePoint 2007. The Microsoft Online Services Operations Team has taken steps to mitigate this issue in SharePoint Online Standard and protect customers’ data.
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run an arbitrary script that could result in elevation of privilege within a SharePoint site. Details on the vulnerability are available in Microsoft Security Advisory 983438 – Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution.
To mitigate the risk posed by this reported vulnerability, we have applied a change to SharePoint Online Standard. While this change completely mitigates the vulnerability, it also has the side effect of disabling the Help feature in SharePoint. As the security of our customers’ data is our top priority, we feel this was the right decision to make as an immediate response to the security advisory. It is important to note that all SharePoint Help content is available on Office Online.
This mitigation has been deployed with no impact to service availability.
Once a SharePoint 2007 product update is available for this issue, we will deploy the fix to SharePoint Online Standard. This will allow SharePoint Help to be safely re-enabled.
Great stuff, but I want to know one thing- Sharepoint 2010 help is going to be on sharepointonline or not.