Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”
Tag: Microsoft SharePoint
Microsoft addresses 70 vulnerabilities in February 2022 Patch Tuesday
Microsoft addresses 70 vulnerabilities in their February 2022 Patch Tuesday release. While none of the vulnerabilities in this month’s Microsoft release cycle have been assigned as critical risk, several have been given a high-risk rating (CVSSv3.1 score of 7.0 – 8.9). As of this writing, none of this month’s list of vulnerabilities is known to … Continue reading “Microsoft addresses 70 vulnerabilities in February 2022 Patch Tuesday”
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-16952)
On Oct 14th, 2020, Microsoft issued a security advisory addressing CVE-2020-16952, a Remote Code Execution vulnerability in Microsoft SharePoint Servers with a CVSS score of 7.3 and severity marked as Critical. Vulnerability Details: Security researcher Steven Seeley (mr_me) of the Qihoo 360 Vulcan Team discovered and reported the Authenticated Remote Code Execution vulnerability (CVE-2020-16952). This … Continue reading “Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-16952)”
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-1147)
On July 14th 2020, Microsoft issued a security advisory addressing CVE-2020-1147, a Remote Code Execution vulnerability in Microsoft SharePoint Servers with a CVSS score of 7.8 and severity marked as Critical. Vulnerability Details CVE-2020-1147 is a critical vulnerability caused by insufficient checks of the source markup of the XML file input that could be further exploited … Continue reading “Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-1147)”
Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2020-0932)
Overview Microsoft has released a patch in April,2020 to fix the Remote Code Execution vulnerability CVE-2020-0932 discovered in SharePoint. Successful exploitation of this vulnerability allows authenticated user to execute arbitrary command on the server. POC is available on GitHub. Description: There are different web services present in SharePoint. One of them is WebPartPages, provide the … Continue reading “Microsoft SharePoint Remote Code Execution Vulnerability(CVE-2020-0932)”