Microsoft SharePoint Vulnerability Exploited in the Wild

Microsoft SharePoint Vulnerability Exploited in the Wild

A critical vulnerability in Microsoft’s SharePoint collaboration platform has been exploited in the wild to deliver malware.

The security hole, tracked as CVE-2019-0604, got its first patch in February and another one in March after the first fix turned out to be incomplete. Microsoft described the issue as a remote code execution vulnerability caused by the software’s failure to check the source markup of an application package. It can be exploited without the need for authentication.

“An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account,” Microsoft said in an advisory.


Read Previous

The lurking danger of hacked email reply chains

Read Next

A casual approach to workplace communications presents major security risks

Leave a Reply

Your email address will not be published. Required fields are marked *