Microsoft SharePoint Server CVE-2019-0604 Remote Code Execution Vulnerability

  • Question

  • Details to Reproduce

    Our SP versions are given below:

    • SP 2010: Running on SP2 and Apr 2017 CU (KB3191846) Version: 14.0.7180.5001
    • SP 2013: Running on SP1 and Oct 2018 CU (KB4461458) Version: 15.0.5075.1000

    Summary: Markus Wulftange from Trend Micro's Zero Day Initiative has found a Remote Code Execution Vulnerability on Microsoft SharePoint Server CVE-2019-0604

    • Vulnerability Name: Microsoft SharePoint Remote Code Execution Vulnerability
    • CVE Number: CVE-2019-0604
    • Attack Type: Remote Code Execution Vulnerability
    • Attack vector: Network
    • Attack Complexity: Low
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
    • Xforce score: 9.8

    Description

    • When software fails to check the source markup of an application package.
    • An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
    • Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
    • The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

    Detailed analysis

    • MS released a patch in February. The original patch only addressed the Microsoft.SharePoint.BusinessData.Infrastructure.EntityInstanceIdEncoder in Microsoft.SharePoint.dll but not the Microsoft.Office.Server.ApplicationRegistry.Infrastructure.EntityInstanceIdEncoder in Microsoft.SharePoint.Portal.dll.
    • By using the EntityInstanceIdEncoder type from the Microsoft.SharePoint.Portal.dll with the Picker.aspx, the exploit still worked even though the patch was installed.
    • Microsoft addressed this with the re-release of CVE-2019-0604 yesterday.

    Technologies Affected

    • Microsoft SharePoint Server 2019 0
    • Microsoft SharePoint Server 2010 SP2
    • Microsoft SharePoint Foundation 2013 SP1
    • Microsoft IIS 5.0
    • Microsoft Windows 2000 Advanced Server SP2
    • Microsoft Windows 2000 Advanced Server SP1
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Server SP2
    • Microsoft Windows 2000 Server SP1
    • Microsoft Windows 2000 Server
    • Microsoft SharePoint Enterprise Server 2016 0

    References

    • CVE-2019-0604
    • MSKB-4461630
    • MSKB-4462143
    • MSKB-4462155
    • MSKB-4462171
    • MSKB-4462184
    • MSKB-4462199
    • MSKB-4462202
    • MSKB-4462211

    Solution Reference Microsoft Security Update Guide

    Acknowledgement

    Applied Materials


    Regards, Prashant

    Please click the 'Mark as Answer' if this post solves your problem or "Vote As Helpful" if it was useful! :)

    Monday, April 15, 2019 2:10 PM
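
For triage on a farm like the ones described in the post above, this added example (not part of the original post and not Microsoft's code) scans IIS W3C logs for requests to Picker.aspx, the page the post names. The sample log lines, their field order and the anonymous-POST heuristic are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2019-04-15 10:01:02 10.0.0.5 GET /_layouts/15/start.aspx - 443 alice 198.51.100.7 Mozilla/5.0 200
2019-04-15 10:02:10 10.0.0.5 GET /_layouts/15/Picker.aspx - 443 - 203.0.113.9 curl/7.58 200
2019-04-15 10:02:11 10.0.0.5 POST /_layouts/15/picker.aspx - 443 - 203.0.113.9 curl/7.58 200
2019-04-15 10:03:00 10.0.0.5 POST /sites/hr/_layouts/Picker.aspx - 443 - 203.0.113.9 curl/7.58 500
2019-04-15 10:03:05 10.0.0.5 GET /truncated
"""

def find_picker_requests(lines):
    """Return one dict per logged request whose URI stem is Picker.aspx."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # the header may change mid-file
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                       # truncated or malformed entry
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive; match on the final path segment.
        if row.get("cs-uri-stem", "").lower().rsplit("/", 1)[-1] == "picker.aspx":
            hits.append(row)
    return hits

def summarize(hits):
    """Count hits per (client IP, HTTP method)."""
    return Counter((h.get("c-ip", "?"), h.get("cs-method", "?")) for h in hits)

def anonymous_posts(hits):
    """Triage heuristic (an assumption, not from the post): POSTs with no logged user."""
    return [h for h in hits
            if h.get("cs-method") == "POST" and h.get("cs-username", "-") == "-"]

if __name__ == "__main__":
    hits = find_picker_requests(SAMPLE_LOG.splitlines())
    for (ip, method), n in summarize(hits).most_common():
        print(f"{ip} {method} x{n}")
    for h in anonymous_posts(hits):
        print("review:", h["date"], h["time"], h["cs-uri-stem"], h["sc-status"])
```

A hit is only a pointer for review: legitimate picker dialogs also request this page, so compare flagged entries against the farm's patch state and expected users.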