Alert: Vulnerability in Microsoft SharePoint Server
On May 29, 2019, CERT-FR published an alert bulletin relating to the discovery of a vulnerability in Microsoft SharePoint Server.
On May 29, 2019, CERT-FR published an alert bulletin relating to the discovery of a vulnerability in Microsoft SharePoint Server.This vulnerability allows an attacker to execute arbitrary code remotely by exploiting a deserialization flaw in SharePoint servers by sending a specially crafted malicious request. Cloudflare indicates in its analysis that the vulnerability is exploitable without authentication, which has not been confirmed by Microsoft.
Microsoft offers a fix in its security bulletin.
The CERT (Computer Emergency Response Teams) are alert and response centers for computer attacks, intended for businesses or administrations, but whose information is generally accessible to everyone. The priority tasks of a CERT are multiple. Centralization of assistance requests following security incidents (attacks) on networks and information systems: reception of requests, analysis of symptoms and possible correlation of incidents. Processing alerts and reacting to computer attacks: technical analysis, exchange of information with other CERTs, contribution to specific technical studies. The establishment and maintenance of a database of vulnerabilities, Prevention by dissemination of information on the precautions to be taken to minimize the risks of incidents or at worst their consequences, Possible coordination with other entities (competence centers networks, operators and Internet access providers national and international CERTs).
