Home News Vulnerability Alert: NCSC Warns U.K. Organizations About SharePoint Flaw

Vulnerability Alert: NCSC Warns U.K. Organizations About SharePoint Flaw

NCSC
SHARE

The National Cyber Security Centre (NCSC) in the U.K. has warned about a new remote code execution vulnerability (CVE–2020–16952), which affects Microsoft’s SharePoint products. In a security report, the agency stated that the vulnerability exists due to a validation issue in user-supplied data, which could allow an attacker to run arbitrary code and obtain admin access on affected installations of the SharePoint server.

“This vulnerability can be exploited when a user uploads a specially crafted SharePoint application package to an affected version of SharePoint,” the NCSC said. (Pullout quote)

The affected versions include:

  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019

Although the NCSC had noticed multiple exploitations of SharePoint vulnerabilities, it clarified that SharePoint online, which is a part of Office 365, is not affected by the flaw.

Mitigation Measures

The agency recommended users to apply security updates to mitigate the exploitation of the vulnerability and remediate the affected SharePoint products. It also listed certain protective measures for mitigation of other vulnerabilities, such as:

  • Protect your devices and networks by keeping them up-to-date. Use the latest supported versions, apply security updates promptly; use antivirus and scan regularly to guard against known malware threats.
  • Prevent and detect lateral movement in your organization’s
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyze network intrusions.
  • Review and refresh your incident management processes.

Related story:

U.K. NCSC Launches New Vulnerability Reporting Toolkit

CISO MAG is running an Endpoint Security Survey for its year-ender issue. Spare five minutes, take our Survey, and win some exciting goodies. Don’t miss out! Take Survey Now!

Subscribe Now to receive Free Newsletter

* indicates required

Select list(s) to subscribe to


By submitting this form, you are consenting to receive marketing emails from: EC-Council, 101 C Sun Ave. NE, Albuquerque, NM, 87109, http://www.eccouncil.org. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact