PoC Published for Critical Vulnerability To Attack SharePoint Servers

Microsoft

One of the vulnerabilities in .NET System, SharePoint, and Visual Studio that Microsoft discussed on the July 2020 Patch Tuesday could lead to remote execution of code.

Tracked as CVE-2020-1147 and classified as critical seriousness, the error occurs when the program does not check XML file input source markups. It could give an attacker the ability to execute arbitrary code in the sense of the phase where XML content is deserialised.

An attacker trying to exploit the security vulnerability will need to upload a precisely designed document to “a server that uses an affected product to process content,” says Microsoft.

“In the categories of DataSet and DataTable, which are. NET components used to handle data sets, the weakness is found,” the software giant announced in an advisory last week.

In addition to issuing vulnerability fixes, Microsoft also released guidelines related to the vulnerability, describing what the legacy. NET component forms of DataSet and DataTable represent and what limitations are enforced when loading them from XML.

The company also states that only certain types of objects may be found in deserialized data by default, and that an exception is thrown when the incoming XML data includes non-list object types resulting in a failure of the deserialization process. Apps can however expand the list of permitted forms.

“The new column descriptions are often taken into consideration when loading XML into an existing instance of DataSet or DataTable. Unless the table already includes a custom style column description, that style will be added temporarily to the allow list for the duration of the XML deserialization process, “the company states.

Security expert Steven Seeley explained in a blog post this week how the vulnerability can be activated and also published a proof-of – concept (PoC) exploit targeted at SharePoint servers, urging users to install the patches available as soon as possible.

“This gadget chain is highly likely to be used against numerous applications built with.net, but even if you don’t have a SharePoint Server installed, this bug still affects you,” Seeley says.

The problem affects. NET Core 2.1,. NET System 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8 (depending on version of Windows), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016, SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, and Visual Studio 2019 version 16.0, 16.4 and 16.6.

Oleksandr Mirosh of Micro Focus Fortify, Jonathan Birch of the Microsoft Office Security Team and Markus Wulftange have identified the vulnerability.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.