430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

UK NCSC recommends organizations to fix CVE-2020-16952 SharePoint RCE flaw asap

The U.K. National Cyber Security Centre (NCSC) issued an alert to urge organizations to patch CVE-2020-16952 RCE vulnerability in MS SharePoint Server. The U.K. National Cyber Security Centre (NCSC) issued an alert to warn of the risks of the exploitation for the CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server and urges organizations to address […]

NCSC UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

The U.K. National Cyber Security Centre (NCSC) issued an alert to urge organizations to patch CVE-2020-16952 RCE vulnerability in MS SharePoint Server.

The U.K. National Cyber Security Centre (NCSC) issued an alert to warn of the risks of the exploitation for the CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server and urges organizations to address the flaw.

Attackers could exploit this vulnerability to run arbitrary code and execute operations in the context of the local administrator on vulnerable SharePoint servers.

The issue is caused by the improper validation in user-supplied data and can be exploited when a user uploads a specially crafted SharePoint application package to a vulnerable version of SharePoint.

The vulnerability affects Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Microsoft SharePoint Server 2019, while SharePoint Online as part of Office 365 is not impacted.

“The NCSC strongly advises that organizations refer to the Microsoft guidance referenced in this alert and ensure the necessary updates are installed in affected SharePoint products,” reads the alert. “The NCSC generally recommends following vendor best practice advice in the mitigation of vulnerabilities. In the case of this SharePoint vulnerability, it is important to install the latest updates as soon as practicable.”

The server-side include (SSI) vulnerability CVE-2020-16952 was reported by the researcher Steven Seeley from Qihoo 360 Vulcan Team, who also provided a proof-of-concept exploit for the RCE flaw.

An exploit module for the open-source Metasploit penetration testing framework was also available, it works on SharePoint 2019 on Windows Server 2016.

Security experts recommend applying the October 2020 SharePoint security updates ([1],[2],[3]).

Experts pointed out that SharePoint servers are used in enterprise environments, for this reason, such kind of vulnerabilities is very dangerous.

The UK NCSC confirms that both CVE-2020-16952 and CVE-2015-1641 flaws are included in the list of most exploited vulnerabilities since 2016 published in a joint advisory by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2020-16952)

[adrotate banner=”5″]

[adrotate banner=”13″]