
UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
2020-10-16 14:42

NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts.

The server-side include vulnerability was reported by security researcher Steven Seeley of the Qihoo 360 Vulcan Team. It affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Server 2019.

The security updates and installation details for vulnerable Microsoft SharePoint instances are published in KB4486676 for SharePoint 2019, KB4486677 for SharePoint 2016, and KB4486694 for SharePoint 2013.
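As an added check (this script is not part of the article or of Microsoft's guidance), the following PowerShell reports whether the three update packages named above are registered on a SharePoint server and whether the server still needs its post-patch upgrade run. It assumes it is run on the SharePoint server as a farm administrator, and that the KB number appears in the installed package's DisplayName, as it does for Office/SharePoint MSP updates.

```powershell
# Added example, not from the article or from Microsoft: report whether the
# October 2020 SharePoint security updates named in the article are registered
# on this server, and whether this server still needs the post-patch upgrade.
# Assumption: run locally on the SharePoint server as a farm administrator.

# KB-to-product map taken from the article's own text.
$Kbs = @{
    'KB4486676' = 'SharePoint Server 2019'
    'KB4486677' = 'SharePoint Enterprise Server 2016'
    'KB4486694' = 'SharePoint Foundation 2013'
}

# SharePoint patches are Office-style MSP packages. They are registered under the
# Uninstall keys, not in Win32_QuickFixEngineering, so Get-HotFix will not list them.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object -ExpandProperty DisplayName

# Only the row matching the installed SharePoint version matters; the other two
# are expected to be absent.
foreach ($kb in $Kbs.Keys) {
    # Assumption: the KB number is present in the package DisplayName.
    $hits = $Installed | Where-Object { $_ -match [regex]::Escape($kb) }
    if ($hits) {
        Write-Output ("{0} ({1}): INSTALLED - {2}" -f $kb, $Kbs[$kb], ($hits -join '; '))
    } else {
        Write-Output ("{0} ({1}): not found in Uninstall registry" -f $kb, $Kbs[$kb])
    }
}

# Installing the binaries is only half the job: the farm stays on the old schema
# until the SharePoint Products Configuration Wizard (PSConfig) has been run.
try {
    if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
    }
    $server = Get-SPServer -Identity $env:COMPUTERNAME
    Write-Output ("Farm build version: {0}" -f (Get-SPFarm).BuildVersion)
    Write-Output ("{0} NeedsUpgrade: {1}" -f $server.Name, $server.NeedsUpgrade)
    # Per-product install status on this server (default formatting).
    Get-SPProduct -Local
} catch {
    Write-Warning "SharePoint PowerShell snap-in unavailable or not a farm server: $_"
}
```

A server that shows the correct KB as INSTALLED but reports NeedsUpgrade as True has the patched binaries on disk but has not completed the upgrade step; run it on every server in the farm, since each one is patched and upgraded independently.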

Microsoft issued CVE-2020-16952 security updates for all supported SharePoint products as part of the October 2020 Patch Tuesday. Using scan data collected up to October 5, Rapid7 found roughly 15,000 SharePoint services reachable from the Internet on 443/tcp.

Most of these Internet-exposed instances were running SharePoint 2010 and 2013: roughly 5,300 SharePoint 2010 servers and roughly 6,400 SharePoint 2013 servers. Note that SharePoint 2010 is not among the versions listed as affected above, and none of the updates listed above applies to it.


News URL

https://www.bleepingcomputer.com/news/security/uk-urges-orgs-to-patch-severe-cve-2020-16952-sharepoint-rce-bug/

Related Vulnerability

Date: 2020-10-16
CVE: CVE-2020-16952
Title: Origin Validation Error vulnerability in Microsoft products
Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package.
Attack vector: network
Attack complexity: low
Vendor: Microsoft
CWE: CWE-346 (Origin Validation Error)
Risk: 8.6