Microsoft SharePoint Server RCE Vulnerability

The National Cyber Security Centre (NCSC) has released an alert following a trend of attacks against UK organisations using a remote code execution (RCE) vulnerability in Microsoft SharePoint Server.

Threat ID:: CC-3067
Category:
Threat Severity:: Medium
Threat Vector:
Published:: 21 May 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

The National Cyber Security Centre (NCSC) has released an alert following a trend of attacks against UK organisations using a remote code execution (RCE) vulnerability in Microsoft SharePoint Server.

Threat details

The vulnerability arises due to a failure in validation of user-supplied data. An attacker can upload a specially crafted SharePoint application package to escalate privileges and execute arbitrary code, in order to gain access to sensitive data and achieve lateral movement within an affected network.

The NCSC issued its alert to encourage administrators to check that remediation actions have been taken to address this vulnerability.

For more information:

CVE-2019-0604

Remediation steps

Type	Step
	Microsoft has released updates to address this vulnerability over the last few months. Users and administrators are encouraged to review the following security advisories and apply the necessary updates: Microsoft Security Advisory CVE-2019-0604 NCSC Alert: Microsoft SharePoint remote code vulnerability A Snort signature also exists to detect exploitation against this vulnerability (Snort ID 49681).

Type

Step

Microsoft has released updates to address this vulnerability over the last few months. Users and administrators are encouraged to review the following security advisories and apply the necessary updates:

A Snort signature also exists to detect exploitation against this vulnerability (Snort ID 49681).

CVE Vulnerabilities

Status

CVE-2019-0604

Last edited: 14 February 2020 2:50 pm