Security News > 2020 > July > Details and PoC for critical SharePoint RCE flaw released
Last week, a "Wormable" remote code execution flaw in the Windows DNS Server service temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix.
Implementing the offered security updates has since become even more urgent, as more exploitation details and a PoC have been released on Monday.
NET components used to manage data sets, and affects Microsoft SharePoint,.
Information security specialist and prolific bug hunter Steven Seeley decided to probe how the vulnerability might be exploited and recently shared how it can be leveraged against a SharePoint Server instance to achieve RCE as a low privileged user.
Vulnerabilities in Microsoft SharePoint, a web-based collaborative platform that integrates with Microsoft Office and usually houses a lot of sensitive data, have lately been an attractive target for hackers.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/XxVB0ZxTaME/
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-14 | CVE-2020-1147 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | 7.8 |