HealthcareCISO

The UK National Cyber Security Centre (NCSC) has recently issued a security alert advising organizations to patch a serious remote code execution vulnerability in Microsoft SharePoint. The DHS Cybersecurity and infrastructure Security Agency is also urging organizations to patch the flaw promptly to prevent exploitation.

The vulnerability, tracked as CVE-2020-16952, is due to the failure of SharePoint to check the source markup of an application package. If exploited, an attacker could run arbitrary code in the context of the SharePoint application pool and SharePoint server farm account, potentially with administrator privileges.

To exploit the vulnerability an attacker would need to convince a user to upload a specially crafted SharePoint application package to a vulnerable version of SharePoint. This could be achieved in a phishing campaign using social engineering techniques.

The vulnerability has been...