[German]Microsoft issued two security advisories on December 17, 2019, which warn of vulnerabilities in SharePoint Server and refer to LDAP Channel Binding and LDAP Signing.
Advertising
Microsoft SharePoint Server CVE-2019-1491
An information disclosure vulnerability exists in Microsoft SharePoint, CVE-2019-1491, that has allowed hackers to obtain sensitive information. An attacker who exploited this vulnerability could read arbitrary files on the server. To exploit the vulnerability, an attacker would have to send a specially crafted request to a vulnerable SharePoint Server instance.
Microsoft has released a patch as part of the December 2019 Security Updates. The update addresses the vulnerability by modifying the way requests are processed by the affected APIs. In the Security Advisory dated December 17, 2019, it is announced that the CVE has undergone a major revision.
* CVE-2019-1491 Revision Information:
Microsoft SharePoint Server Information Disclosure Vulnerability
– Version: 1.0
– Reason for Revision: Information published.
This CVE was added to this month's security updates. This is just an information change. Customers who have successfully installed the appropriate updates do not need to take any further action.
Security Advisories ADV190023 December 17, 2019
Microsoft has also released the Security Advisory ADV190023 with instructions for enabling LDAP channel binding and LDAP signature:
Advertising
* Microsoft Security Advisory ADV190023
– Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
– Reason for Revision: In the Recommended Actions section, updated the opening
sentence to indicate that the Windows update will be available in March 2020.
– Originally posted: August 13, 2019
– Updated: December 17, 2019
– Version: 1.2
Details can be found in the very extensive Microsoft document ADV190023.
Advertising
