[German]Administrators of Microsoft SharePoint Server (2013-2019) should ensure that they are patched against the CVE 2020-16952 vulnerability. The vulnerability is likely to be exploited by now.
Advertising
SharePoint Server vulnerability CVE 2020-16952
Microsoft issued a short security advisory on the CVE 2020-16952 vulnerability on October 13, 2020. The CVE number conceals a remote code execution vulnerability lurking in Microsoft SharePoint. The advisory gives the vulnerability a score of 7.1 on a scale from 7 to 10. On vuldb.com I came across the article MICROSOFT SHAREPOINT SERVER 2013 SP1/2016/2019 APPLICATION PACKAGE UNKNOWN VULNERABILITY. Here is the tex:
A vulnerability, which was classified as critical, was found in Microsoft SharePoint Server 2013 SP1/2016/2019 (Groupware Software). Affected is some unknown processing of the component Application Package Handler. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was presented 10/13/2020 as confirmed security guidance (Website). The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability is traded as CVE-2020-16952. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 10/14/2020). The advisory points out:
The article in vuldb.com refers to another post CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability in the Microsoft MSRC Portal with confirmation of the vulnerability. There Microsoft states the following:
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
The Remote Code Execution vulnerability in Microsoft SharePoint has been confirmed. Security updates addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.
Security Update for SharePoint
Microsoft classifies the vulnerability as critical and has provided security updates for the affected SharePoint version on its MSRC portal as of October 13, 2020.
- Microsoft SharePoint Foundation 2013 Service Pack 1: KB4486694, Download Security Update
- Microsoft SharePoint Enterprise Server 2016: KB4486677, Download Security Update
- Microsoft SharePoint Server 2019: KB4486676, Download Security Update
Administrators should install these security updates promptly, as the article in vuldb.com mentions a Proof of Concept (PoC) for this vulnerability (It is declared as proof-of-concept). (via askwoody.com)
Advertising
Advertising