Details of how to exploit a critical security vulnerability affecting Microsoft SharePoint are now public, increasing the risk of attacks on unpatched systems.
The flaw is tracked as CVE-2020-1147 (severity score 9.8 out of 10) and also affects the .NET Framework and Visual Studio. Microsoft released a fix in this month's security updates.
Security researcher Steven Seeley has published a comprehensive analysis of the root cause of the problem and of how it can be used to achieve remote code execution on a vulnerable SharePoint server.
In essence, the flaw is a failure to check the source markup of XML file input, which allows an attacker to execute code of their choice in the context of the process responsible for deserializing the XML content.
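The affected .NET code path is DataSet/DataTable XML deserialization, which reads CLR type names for columns from the document's inline schema (the msdata:DataType attribute). The following Python script is an added example, not code from this article or from Seeley's write-up: it is a defender-side pre-check that scans a DataSet-style XML document for column type declarations outside a conservative allow-list before the document is handed to a .NET deserializer (for instance in an API gateway, a WAF rule or a log-replay job). The allow-list, the two sample documents and the placeholder type name are constructed for this example and are assumptions, not Microsoft's patched behaviour.

```python
import xml.etree.ElementTree as ET

XS = "http://www.w3.org/2001/XMLSchema"
MSDATA = "urn:schemas-microsoft-com:xml-msdata"

# Conservative allow-list of column types a DataSet inline schema is expected
# to declare. This list is an assumption for the example, not Microsoft's
# patched allow-list; tighten or extend it to match your own data contracts.
ALLOWED_TYPES = {
    "System.Boolean", "System.Byte", "System.Byte[]", "System.Char",
    "System.DateTime", "System.Decimal", "System.Double", "System.Guid",
    "System.Int16", "System.Int32", "System.Int64", "System.SByte",
    "System.Single", "System.String", "System.TimeSpan",
    "System.UInt16", "System.UInt32", "System.UInt64",
}

# Constructed sample: a benign DataSet document with an inline schema. The
# "Ref" column carries msdata:DataType, as DataSet.WriteXml emits for CLR
# types that have no direct XSD equivalent.
BENIGN_DATASET_XML = """<DataSet>
  <xs:schema id="DataSet" xmlns:xs="http://www.w3.org/2001/XMLSchema"
             xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
    <xs:element name="DataSet" msdata:IsDataSet="true">
      <xs:complexType>
        <xs:choice minOccurs="0" maxOccurs="unbounded">
          <xs:element name="Orders">
            <xs:complexType>
              <xs:sequence>
                <xs:element name="Id" type="xs:int" minOccurs="0"/>
                <xs:element name="Customer" type="xs:string" minOccurs="0"/>
                <xs:element name="Ref" type="xs:string" minOccurs="0"
                  msdata:DataType="System.Guid, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
              </xs:sequence>
            </xs:complexType>
          </xs:element>
        </xs:choice>
      </xs:complexType>
    </xs:element>
  </xs:schema>
  <Orders><Id>1</Id><Customer>Alice</Customer></Orders>
</DataSet>"""

# Constructed sample: same layout, but one column declares a CLR type outside
# the allow-list. The type name is a placeholder, not a real gadget type.
SUSPICIOUS_DATASET_XML = BENIGN_DATASET_XML.replace(
    '<xs:element name="Customer" type="xs:string" minOccurs="0"/>',
    '<xs:element name="Payload" type="xs:anyType" minOccurs="0" '
    'msdata:DataType="Example.Unexpected.Type, ExampleAssembly, '
    'Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>',
)


def clr_type_name(assembly_qualified):
    """Strip the assembly part of an assembly-qualified name:
    'System.Guid, mscorlib, Version=...' -> 'System.Guid'."""
    return assembly_qualified.split(",", 1)[0].strip()


def find_unexpected_column_types(xml_text):
    """Return [(column_name, clr_type), ...] for every column in the inline
    schema whose msdata:DataType is outside ALLOWED_TYPES. An empty list
    means the document declares only expected column types."""
    if "<!DOCTYPE" in xml_text:
        # DataSet XML never needs a DTD; treat one as a reason to reject early.
        raise ValueError("unexpected DOCTYPE in DataSet XML")
    root = ET.fromstring(xml_text)
    findings = []
    for element in root.iter("{%s}element" % XS):
        declared = element.get("{%s}DataType" % MSDATA)
        if declared is None:
            continue
        clr_type = clr_type_name(declared)
        if clr_type not in ALLOWED_TYPES:
            findings.append((element.get("name"), clr_type))
    return findings


def is_safe_to_deserialize(xml_text):
    """Convenience gate: True only when no unexpected column types are found."""
    return not find_unexpected_column_types(xml_text)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_DATASET_XML),
                       ("suspicious", SUSPICIOUS_DATASET_XML)):
        print(label, find_unexpected_column_types(doc))
```

Run as-is, the script reports no findings for the benign document and one finding for the constructed suspicious one. The check only inspects type declarations in the inline schema, so it complements rather than replaces the update referenced in the article: a deserializer that still trusts embedded type names needs the patch.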
On his website, Seeley walks through every step needed to build code that executes a system command, and the abuse of controls that allow this to be triggered remotely.
Seeley's analysis is intended to help readers "understand the underlying technology". It could be used to build a fully functional attack scenario, but it does not provide a ready-made exploit that could be used to mount an attack.
Organizations should nonetheless prioritize deploying the patch. Microsoft's exploitability assessment is that CVE-2020-1147 is an attractive target for threat actors, who could exploit it consistently.
"Microsoft rates this bug with an exploitability score of 1, which means you need to fix it right away if you haven't already. It is very likely that this 'gadget chain' can be used by many applications created with .NET and even if you have not installed SharePoint server, you are still affected by this error," says Steven Seeley.
Ben Hawkes, head of Google's Project Zero security research team, says the issue is bigger than the recently disclosed Windows DNS vulnerability.
Microsoft credits Oleksandr Mirosh of Micro Focus Fortify, Jonathan Birch of the Microsoft Office Security Team, and Markus Wulftange with identifying CVE-2020-1147; they found and reported the vulnerability independently of each other.