UK NCSC urges orgs to patch dangerous Microsoft SharePoint RCE flaw

The U.K. National Cyber Security Centre (NCSC) has released an alert highlighting the dangers of the CVE-2020-16952 remote code execution vulnerability affecting Microsoft SharePoint Server, which has been addressed by Microsoft with the October Patch Tuesday release. The cybersecurity agency has urged organizations to immediately patch the vulnerability.

If exploited, CVE-2020-16952 could allow an attacker to run arbitrary code in the context of the local administrator on affected installations of SharePoint Server. The vulnerability stems from insufficient validation of user-supplied data and can be triggered when a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The issue affects the following SharePoint releases:

  • Microsoft SharePoint Foundation 2013 Service Pack 1

  • Microsoft SharePoint Enterprise Server 2016

  • Microsoft SharePoint Server 2019

SharePoint Online as part of Office 365 is not impacted.
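The practical question for an administrator is whether the local farm belongs to one of the product lines listed above and whether it already carries a build from the October Patch Tuesday release. The following script is an added example, not code from the NCSC alert or from Microsoft; it assumes it is run in the SharePoint Management Shell on a farm server, that `Get-SPFarm` exposes the farm build as a `System.Version`, and that SharePoint 2013 builds are 15.0.x while 2016 and 2019 builds are 16.0.x (with 2019 builds at 16.0.10000 and above). The article gives no patched build numbers, so `$PatchedBuilds` holds placeholders that must be replaced with the values from Microsoft's guidance before the `Patched` field means anything.

```powershell
# Added example: flag whether this farm's product line is one the alert names as
# affected by CVE-2020-16952 and compare its build against a patched baseline.
# Not part of the article or of Microsoft's guidance; assumptions are marked below.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# PLACEHOLDER build numbers: the article does not list them. Replace each value
# with the build number of the October Patch Tuesday update for that product line.
$PatchedBuilds = @{
    '2013' = [Version]'15.0.0.0'   # PLACEHOLDER
    '2016' = [Version]'16.0.0.0'   # PLACEHOLDER
    '2019' = [Version]'16.0.0.0'   # PLACEHOLDER
}

function Get-SharePointProductLine {
    # Maps a farm build to a product line (assumption: 15.0.x = 2013 family,
    # 16.0.x below 10000 = 2016, 16.0.10000+ = 2019). Builds the alert does not
    # cover (anything else) return $null. Note that build alone cannot tell
    # SharePoint Foundation 2013 from SharePoint Server 2013.
    param([Version]$Build)
    if ($Build.Major -eq 15) { return '2013' }
    if ($Build.Major -eq 16 -and $Build.Build -ge 10000 -and $Build.Build -lt 14000) { return '2019' }
    if ($Build.Major -eq 16 -and $Build.Build -lt 10000) { return '2016' }
    return $null
}

function Test-CVE202016952Exposure {
    # Returns one object describing the local farm's exposure.
    $farm  = Get-SPFarm
    $build = [Version]$farm.BuildVersion
    $line  = Get-SharePointProductLine -Build $build

    if (-not $line) {
        return [pscustomobject]@{
            Build       = $build
            ProductLine = 'not in alert'
            Affected    = $false
            Patched     = $null
        }
    }

    [pscustomobject]@{
        Build       = $build
        ProductLine = "SharePoint $line"
        Affected    = $true                        # every line in the alert is affected
        Patched     = ($build -ge $PatchedBuilds[$line])
    }
}

Test-CVE202016952Exposure | Format-List
```

Run it on each farm; a result with `Affected` true and `Patched` false identifies a server that still needs the update. Because the placeholders compare equal-or-below every real build, the script reports `Patched = True` until the real build numbers are filled in, so treat that field as unreliable until then.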

"The NCSC strongly advises that organizations refer to the Microsoft guidance referenced in this alert and ensure the necessary updates are installed in affected SharePoint products. The NCSC generally recommends following vendor best practice advice in the mitigation of vulnerabilities. In the case of this SharePoint vulnerability, it is important to install the latest updates as soon as practicable," the alert said.

Since SharePoint servers are used in enterprise environments, such a flaw can pose a significant risk to organizations. Although there are no reports of CVE-2020-16952 being exploited in real-world attacks, the chances of this happening are high given that a proof-of-concept exploit demonstrating how remote code execution can be achieved is already available.
