Proof-of-Concept Prompts Alert on SharePoint Remote Execution Flaw
Health IT Security
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency is urging organizations to review a UK National Cyber Security Centre (NCSC) alert on a remote code execution flaw found in Microsoft SharePoint. A proof-of-concept exploit has already been released; successful exploitation would give an attacker control of affected systems.
The RCE flaw, CVE-2020-16952, exists in Microsoft SharePoint Server because the software fails to check the source markup of an application package. If a hacker successfully exploits the vulnerability, they could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
“Exploitation of this vulnerability requires...