Thousands of SharePoint servers affected by CVE-2020-16952 vulnerability; exploit published

A report from the National Cybersecurity Center (NCSC) in the UK describes a remote code execution (RCE) vulnerability in Microsoft SharePoint. Tracked as CVE-2020-16952, this flaw would allow threat actors to perform various malicious actions in the context of the local administrator on any affected server deployment.

The report by the British cybersecurity authority mentions that cases of active exploitation of this vulnerability have already been detected in various local organizations. In addition, two other SharePoint flaws appear in the list of the most exploited vulnerabilities according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Experts mention that this flaw stems from a validation issue with the data the user provides to the vulnerable application. The flaw can be exploited when a user loads a specially crafted SharePoint application package in an affected version. The following versions are impacted:

  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019

It should be noted that the SharePoint Online version, included as part of the Office 365 suite, is not affected by this vulnerability.

Microsoft received the report in a timely manner, so the company was able to start working on a patch to fix this vulnerability. The SharePoint security update was released last week, and users of affected deployments are encouraged to update as soon as possible to mitigate the risk of exploitation.

The update corrects the method SharePoint uses to verify the source of application packages. If you are not able to update your systems immediately, the NCSC has issued some security recommendations:

  • Protect your devices and networks by keeping them up to date
  • Prevent and detect lateral movement in your organization’s networks
  • Review and update your incident management processes
  • Set up a reliable monitoring solution

More information is available on the company’s and NCSC’s official platforms.