The SharePoint Product Team have announced an important mandatory security hotfix that will be released on October 9th (PST).
Note that Windows SharePoint Services 3.0 is included with all editions of Office SharePoint Server 2007, Microsoft Office Project Server 2007, and PerformancePoint Server, as well as any other products that include WSS 3.0, so you need to apply this hotfix in those environments as well.
We recommend applying this hotfix during your next planned downtime or change management window, and scheduling it as a priority. This hotfix contains previously released hotfixes, including the DST (Daylight Savings Time) hotfix.
First, if you have deployed “host named site collections” (previously known as “host header” sites) and have more than 50 of them, you should wait to apply the hotfix. We will be issuing a performance-related fix for the hotfix. That fix will include the same hotfixes as the October 9 public update, in addition to the performance-related hotfix for host named site collections. If this does not apply to you, you need not wait.
Most importantly, as the title suggests, this hotfix addresses a security vulnerability in Microsoft Windows SharePoint Services 3.0 that could allow cross-site scripting. This update resolves this vulnerability. Please read the entire KB article before applying the hotfix, as there are a number of known issues that should be well understood. (If these links aren’t available as you read this article, they will be shortly, as the hotfix becomes available.)
To view the complete security bulletin, visit the following Microsoft Web site:
Also, Service Pack 1 for WSSv3 and MOSS 2007 has entered internal testing within Microsoft and is expected to be released soon.