[German]A brief note for administrators in enterprises, who are responsible for Sharepoint installations. The details regarding an RCE vulnerability have now become public. It is important to patch the affected installations quickly.
Sharepoint server is becoming a bit of a ‘problem bear’ for administrators. As recently as June, I reported a vulnerability and a proof of concept (PoC) for an RCE vulnerability in the article SharePoint: PoC for RCE Vulnerability CVE-2020-1181 . However, the current case involves the CVE-2020-1147 RCE vulnerability.
Sharepoint RCE vulnerability CVE-2020-1147
CVE-2020-1147 is a vulnerability that allows a remote code execution (RCE). It also affects the .NET Framework, Microsoft SharePoint and Visual Studio. A remote code execution vulnerability exists if the software does not validate the source markup of the XML file input, also known as the .NET Framework, SharePoint Server, and Visual Studio remote code execution vulnerability. This occurs during dataset and datatable accesses and a base score of 7.8 was assigned to this CVE.
Microsoft has released the support article CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability and released corresponding updates for the .NET Framework on July 14, 2020. All SharePoint servers still in support from 2010 to 2019 are affected.
CVE-2020-1147 details announced
A few days ago, security researcher Steven Seeley published a complete analysis of the problem and how it can be exploited to achieve remote code execution on a vulnerable SharePoint server.
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet: https://t.co/NiUeuy8oZu
CVE-2020-1147 full analysis and exploit :->
— ϻг_ϻε (@steventseeley) July 20, 2020
He sees the vulnerability as critical and recommends applying the patch as soon as possible. The colleagues from Bleeping Computer have published some more details on this topic in this article.