A critical vulnerability in SharePoint Server has been identified that could expose affected servers to compromise.
Many enterprises use Microsoft SharePoint as their primary collaboration and content management platform, and there is still a significant number of on-premises SharePoint deployments across the world. This alert is for admins who manage on-premises deployments: take it seriously and act fast.
The vulnerability is tracked as CVE-2019-0604 (Microsoft SharePoint Remote Code Execution Vulnerability). Microsoft describes it as follows:
- A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
- Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
- The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.
Critical: It is highly important that you follow the table below and update your servers accordingly. As of now, Microsoft has not identified any mitigating factors or workarounds for this issue; however, installing the listed security updates will protect your servers from the vulnerability.
The following links will help you patch your servers:
2016: https://docs.microsoft.com/en-us/SharePoint/upgrade-and-update/install-a-software-update
2013: https://docs.microsoft.com/en-us/SharePoint/upgrade-and-update/software-updates-overview-for-sharepoint-server-2013