19 October 2020

UK NCSC urges orgs to patch dangerous Microsoft SharePoint RCE flaw


UK NCSC urges orgs to patch dangerous Microsoft SharePoint RCE flaw

The U.K. National Cyber Security Centre (NCSC) has released an alert highlighting the dangers of the CVE-2020-16952 remote code execution vulnerability affecting Microsoft SharePoint Server, which has been addressed by Microsoft with the October Patch Tuesday release. The cybersecurity agency has urged organizations to immediately patch the vulnerability.

If exploited, CVE-2020-16952 could allow an attacker to run arbitrary code in the context of the local administrator on affected installations of SharePoint server. The vulnerability exists due to a validation issue in user-supplied data and can be exploited when a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.

The issue affects the following SharePoint releases:

  • Microsoft SharePoint Foundation 2013 Service Pack 1

  • Microsoft SharePoint Enterprise Server 2016

  • Microsoft SharePoint Server 2019

SharePoint Online as part of Office 365 is not impacted.

"The NCSC strongly advises that organizations refer to the Microsoft guidance referenced in this alert and ensure the necessary updates are installed in affected SharePoint products. The NCSC generally recommends following vendor best practice advice in the mitigation of vulnerabilities. In the case of this SharePoint vulnerability, it is important to install the latest updates as soon as practicable," the alert said.

Since SharePoint servers are used in enterprise environments such a flaw can pose a significant risk to organizations. Although there are no reports about the CVE-2020-16952 being exploited in real-world attacks, chances of this happening are high given that a proof-of-concept exploit demonstrating how remote code execution can be achieved is already available.


Back to the list

Latest Posts

Vulnerability summary for the week: November 27, 2020

Vulnerability summary for the week: November 27, 2020

A weekly vulnerability digest.
27 November 2020
Personal data of 16M Brazilian COVID-19 patients exposed due to a password leak

Personal data of 16M Brazilian COVID-19 patients exposed due to a password leak

An employee of the Albert Einstein Hospital uploaded on his personal GitHub account a spreadsheet containing usernames, passwords, and access keys to electronic systems of the Ministry of Health.
27 November 2020
Sophos security breach exposes customers’ data

Sophos security breach exposes customers’ data

The company said that the incident affected "only a small subset of customers."
27 November 2020