There isn't yet a public (web accessible) exploit for RCE against SharePoint (the ones on GitHub and ZDI don't work out the box). If that changes I think this will be one of the biggest vulns in years. It would own a lot of enterprises. Like, a LOT.
Note some APT and crimeware groups are already using it, i.e. ones with skills.
CVE-2019-0604 is a weird'un. Microsoft's advisory for it says: "Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected versions of SharePoint", doesn't look true tho.
The only way I can get condition to trigger is with creds so far, it'd be nice to have IIS logs from infected orgs tho as there's a bit of a wormhole around 'Why is IIS doing this?' for me.
1oopho1e is reporting some of these through HackerOne, and has a working exploit. There’s still not a clear cut public exploit for this, so you should patch. https://twitter.com/1oopho1e/status/1127919161265487872?s=21 …
According to ZDI advisory authentication is required: https://www.zerodayinitiative.com/advisories/ZDI-19-181/ … I speculate the attack scenario is to send something to a victim SharePoint user. If true, this is more difficult to perform mass attacks.
So one of the default install components in SharePoint, a Form parser, works without authentication it appears
How popular is SharePoint for building public web pages? It's a CMS tool, but more internally focused, right? I’m trying to understand the potential exposure here. I realize you should patch anyway even if it’s internal only, but how much is externally visible to attackers?
Guesstimate about 2m of these online at mo
So @sharepoint March 2019 PU fixes the issue for SP 2023 SP1?
CVE-2019-0604 is being exploited in the wild