I am not taking an exam I have a server problem and I work for a nonprofit charity I have to do all the technology and finance with limited resources I rely on this resource for help My prior posting was deleted for the cause of an exam which is not the case With all that out of the way here is my issue... The technet security bulletin for ms10-072 discusses solution to SharePoint Services 3.0 for a multiple cross site scripting vulnerability. I have gone through all the solutions suggested. My updates show KB2345304 is installed on the server (Server 2008 R2). I did a workaround suggested for adding host names loopback in a registry setting called BackConnectionHostNames. I ran the Sharepoint Technology Configuration Wizard and restarted the server. My server is configured to receive windows updates automatically and they are all current. Is there anything else I can do to make sure the updates are applied and running for Sharepoint Services 3.0 to eliminate this risk? I have spent three days on this and I appreciate any ideas.