NCSC warns organisations about critical SharePoint vulnerability

The National Cyber Security Centre has ‘strongly advised’ organisations to immediately patch certain versions of Microsoft SharePoint that are affected by a vulnerability allowing cyber criminals to execute code in the context of the local Administrator.

The vulnerability, assigned CVE-2020-16952, has been discovered in SharePoint Foundation 2013 Service Pack 1, SharePoint Enterprise Server 2016, and SharePoint Server 2019. However, SharePoint Online, which is part of Microsoft’s Office 365 package, does not contain this vulnerability.

According to Steven Seeley, a member of the Qihoo 360 Vulcan Team who discovered the vulnerability and disclosed it to Microsoft in July this year, the vulnerability arises due to “the lack of proper validation of user-supplied data which can result in a server-side include”. This can be exploited by an attacker to execute arbitrary code on affected installations of SharePoint Server in the context of the local Administrator.

Seeley added that authentication is required to exploit this vulnerability and that the specific flaw exists within the DataFormWebPart class. According to Microsoft, which released a security update a few days ago, an attacker can exploit the vulnerability by uploading a specially crafted SharePoint application package to an affected version of SharePoint.

“A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

“The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages,” Microsoft said. Respective security updates for SharePoint Foundation 2013 Service Pack 1, SharePoint Enterprise Server 2016, and SharePoint Server 2019 can be downloaded here.

According to the National Cyber Security Centre, vulnerabilities in Microsoft SharePoint have been exploited on a large scale in the past to target UK organisations, including two SharePoint CVEs that feature in the CISA Top 10 Routinely Exploited Vulnerabilities.

In May last year, Microsoft issued a patch for a critical vulnerability in Microsoft SharePoint that allowed attackers to run arbitrary code by uploading a specially crafted SharePoint application package. “Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive data, enable lateral movement within a network and potentially use the access to target an organisation’s customers and suppliers,” NCSC warned.

Copyright Lyonsdown Limited 2021
