Proof-of-Concept Prompts Alert on SharePoint Remote Execution Flaw

Health IT Security

Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency is urging organizations to review a UK National Cyber Security Centre (NCSC) alert for a remote code execution flaw found in Microsoft SharePoint. A proof-of-concept exploit has already been released; successful exploitation would give an attacker control of affected systems.

The CVE-2020-16952 RCE flaw exists in the Microsoft SharePoint server, as the software fails to check the source markup of an application package. If a hacker successfully exploits the vulnerability, they could run arbitrary code through the SharePoint application pool and its server farm account.

“Exploitation of this vulnerability requires...
