The National Cyber Security Centre (NCSC) in the U.K. has warned about a new remote code execution vulnerability (CVE–2020–16952), which affects Microsoft’s SharePoint products. In a security report, the agency stated that the vulnerability exists due to a validation issue in user-supplied data, which could allow an attacker to run arbitrary code and obtain admin access on affected installations of the SharePoint server.
“This vulnerability can be exploited when a user uploads a specially crafted SharePoint application package to an affected version of SharePoint,” the NCSC said. (Pullout quote)
The affected versions include:
- Microsoft SharePoint Foundation 2013 Service Pack 1
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019
Although the NCSC had noticed multiple exploitations of SharePoint vulnerabilities, it clarified that SharePoint online, which is a part of Office 365, is not affected by the flaw.
Mitigation Measures
The agency recommended users to apply security updates to mitigate the exploitation of the vulnerability and remediate the affected SharePoint products. It also listed certain protective measures for mitigation of other vulnerabilities, such as:
- Protect your devices and networks by keeping them up-to-date. Use the latest supported versions, apply security updates promptly; use antivirus and scan regularly to guard against known malware threats.
- Prevent and detect lateral movement in your organization’s
- Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions.
- Review and refresh your incident management processes.
Related story:
U.K. NCSC Launches New Vulnerability Reporting Toolkit
CISO MAG is running an Endpoint Security Survey for its year-ender issue. Spare five minutes, take our Survey, and win some exciting goodies. Don’t miss out! Take Survey Now!
