{"id":15146,"date":"2020-07-25T00:17:00","date_gmt":"2020-07-24T22:17:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15146"},"modified":"2020-07-24T13:21:46","modified_gmt":"2020-07-24T11:21:46","slug":"sharepoint-rce-schwachstelle-cve-2020-1147-details-nun-ffentlich-patchen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/07\/25\/sharepoint-rce-schwachstelle-cve-2020-1147-details-nun-ffentlich-patchen\/","title":{"rendered":"Sharepoint RCE vulnerability CVE-2020-1147 &#8211; Details now public, patch immediately"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=233747\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]A brief note for administrators in enterprises, who are responsible for Sharepoint installations. The details regarding an RCE vulnerability have now become public. It is important to patch the affected installations quickly.<\/p>\n<p><!--more--><\/p>\n<p>Sharepoint server is becoming a bit of a 'problem bear' for administrators. As recently as June, I reported a vulnerability and a proof of concept (PoC) for an RCE vulnerability in the article <a href=\"https:\/\/borncity.com\/win\/2020\/06\/21\/sharepoint-poc-fr-rce-schwachstelle-cve-2020-1181\/\">SharePoint: PoC for RCE Vulnerability CVE-2020-1181<\/a> . However, the current case involves the CVE-2020-1147 RCE vulnerability. <\/p>\n<h2>Sharepoint RCE vulnerability CVE-2020-1147<\/h2>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-1147\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1147<\/a> is a vulnerability that allows a remote code execution (RCE). It also affects the .NET Framework, Microsoft SharePoint and Visual Studio. A remote code execution vulnerability exists if the software does not validate the source markup of the XML file input, also known as the .NET Framework, SharePoint Server, and Visual Studio remote code execution vulnerability. This occurs during dataset and datatable accesses and a base score of 7.8 was assigned to this CVE. <\/p>\n<p>Microsoft has released the support article <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1147\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability<\/a> and released corresponding updates for the .NET Framework on July 14, 2020. All SharePoint servers still in support from 2010 to 2019 are affected. <\/p>\n<h2>CVE-2020-1147 details announced<\/h2>\n<p>A few days ago, security researcher <a href=\"https:\/\/twitter.com\/steventseeley\" target=\"_blank\" rel=\"noopener noreferrer\">Steven Seeley<\/a> published a complete analysis of the problem and how it can be exploited to achieve remote code execution on a vulnerable SharePoint server.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet: <a href=\"https:\/\/t.co\/NiUeuy8oZu\">https:\/\/t.co\/NiUeuy8oZu<\/a><\/p>\n<p>CVE-2020-1147 full analysis and exploit :-&gt;<\/p>\n<p>\u2014 \u03fb\u0433_\u03fb\u03b5 (@steventseeley) <a href=\"https:\/\/twitter.com\/steventseeley\/status\/1285225452454502405?ref_src=twsrc%5Etfw\">July 20, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>He sees the vulnerability as critical and recommends applying the patch as soon as possible. The colleagues from Bleeping Computer have published some more details on this topic in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-sharepoint-flaw-dissected-rce-details-now-available\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A brief note for administrators in enterprises, who are responsible for Sharepoint installations. The details regarding an RCE vulnerability have now become public. It is important to patch the affected installations quickly.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,580,1547,22],"tags":[1633,1079,195],"class_list":["post-15146","post","type-post","status-publish","format-standard","hentry","category-office","category-security","category-software","category-update","tag-sharepoint","tag-sicherheit","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15146"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15146\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}