Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Microsoft SharePoint Vulnerability

 

Systems Affected


  ✦  Microsoft SharePoint Enterprise Server 2016;
  ✦  Microsoft SharePoint Foundation 2010 Service Pack 2
  ✦  Microsoft SharePoint Foundation Service Pack 1
  ✦  Microsoft SharePoint Server 2010 Service Pack 2
  ✦  Microsoft SharePoint Server 2013 Service Pack 1
  ✦  Microsoft SharePoint Server 2019

Threat Level


High


Overview


Several version of Microsoft SharePoint Server was found deploying the Chine Chopper web shell. It was identified that compromised systems belongs to the academic, utility, heavy industry, manufacturing and technology sectors.


Description


Microsoft SharePoint Server Software fails to check the markup of an application stage. An attacker who could successfully compromised the system could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.


Impact


  ✦  Stealing sensitive information from the tricked user
  ✦  Remote Code execution
  ✦  Distributing malware


Solution/ Workarounds


  ✦  Sri Lanka CERT recommends you patch any Microsoft SharePoint server that are not up-to-date.
  ✦  If it is unable to apply security patches make sure your SharePoint Service is not accessible from the internet.


References


  ✦  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0604
  ✦  https://cyber.gc.ca/en/alerts/china-chopper-malware-affecting-sharepoint-servers


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.