Security News > 2020 > October > UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts.
The server-side include vulnerability was reported by information security specialist Steven Seeley of Qihoo 360 Vulcan Team who found that it affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Server 2019.
Details on how to secure vulnerable Microsoft SharePoint instances can be found in KB4486676 for SharePoint 2019, in KB4486677 for SharePoint 2016, and in the KB4486694 advisory for SharePoint 2013.
After Microsoft issued CVE-2020-16952 security updates for all supported SharePoint products as part of the October 2020 Patch Tuesday, Rapid7 used data collected until October 5 and discovered roughly 15,000 SharePoint services on 443/tcp reachable services.
Most of these Internet-exposed SharePoint instances were found to run SharePoint 2010 and 2013, with around ~5,300 SharePoint 2010 servers and ~6,400 SharePoint 2013 servers.
News URL
Related news
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16952 | Origin Validation Error vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.6 |