SharePoint SSI Directives Vulnerability
Summary
A remote code execution vulnerability in Microsoft's SharePoint collaboration tool has been disclosed. The NCSC are also warning that this vulnerability may be actively exploited in the near future.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Microsoft has released details of a server-side includes (SSI) vulnerability affecting several versions of its SharePoint online sharing and collaboration platform. According to Microsoft, a remote authenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the local SharePoint administrator.
Proof-of-concepts available
Please note that several proof-of-concept exploits for CVE-2020-16952 are available on public code repositories.
Vulnerability details
The vulnerability appears to be the result of a failure in vulnerable SharePoint versions to properly check SSI directives included in the source markup of application packages. By specially crafting application packages with malformed SSI directives, a user with page creation privileges (enabled by default in SharePoint) can force the vulnerable system to execute code contained within the package.
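For reviewing user-created pages while updates are being rolled out, the following added example (not code from Microsoft or the NCSC) scans page or package markup for SSI directives and reports each one with its line number and attributes. It assumes the markup has been exported as text; the directive names are the standard SSI set, and the sample page is constructed.

```python
import re

# Standard SSI directive names (assumption: the usual IIS/Apache set).
KNOWN = {"include", "exec", "echo", "config", "fsize", "flastmod"}

# Directive form: <!--#name attr="value" ... -->, tolerating stray
# whitespace, mixed case and directives split across lines.
SSI_RE = re.compile(r"<!--\s*#\s*([A-Za-z]+)\b(.*?)-->", re.DOTALL)
ATTR_RE = re.compile(r"""([A-Za-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))""")


def find_ssi_directives(markup):
    """Return one finding per SSI directive: line, name, attributes."""
    findings = []
    for m in SSI_RE.finditer(markup):
        name = m.group(1).lower()
        if name not in KNOWN:
            continue  # an ordinary comment that happens to contain '#'
        attrs = {}
        for a in ATTR_RE.finditer(m.group(2)):
            # Exactly one of the three value groups matched.
            value = next(v for v in a.groups()[1:] if v is not None)
            attrs[a.group(1).lower()] = value
        line = markup.count("\n", 0, m.start()) + 1
        findings.append({"line": line, "directive": name, "attrs": attrs})
    return findings


# Constructed sample page source, for illustration only.
SAMPLE_PAGE = """<%@ Page Language="C#" %>
<html>
<body>
<!-- ordinary comment, not a directive -->
<h1>Team notes</h1>
<!--#include file="footer.inc" -->
<p>text</p>
<!--  #INCLUDE
      virtual = '/shared/menu.inc' -->
</body>
</html>
"""

if __name__ == "__main__":
    for f in find_ssi_directives(SAMPLE_PAGE):
        print(f"line {f['line']}: #{f['directive']} {f['attrs']}")
```

Any directive found in content authored by ordinary users is worth reviewing against who created the page and when.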
Remediation advice
Affected organisations are encouraged to review Microsoft security update guide CVE-2020-16952 and apply the relevant updates immediately.
Remediation steps
| Type | Step |
|---|---|
| Patch | CVE-2020-16952: Microsoft SharePoint Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 |
Last edited: 21 October 2020 2:11 pm