There isn't yet a public (web accessible) exploit for RCE against SharePoint (the ones on Github and ZDI don't work out the box). If that changes I think this will be one of the biggest vulns in years. It would own a lot of enterprises. Like, a LOT.
-
-
Prikaži ovu nit
-
Heads up: This one is being exploited in targeted attacks now.
Prikaži ovu nit - Još 7 drugih odgovora
Novi razgovor -
-
-
According to ZDI advisory authentication is required : https://www.zerodayinitiative.com/advisories/ZDI-19-181/ … I speculate the attack scenario is to send something to a victim SharePoint user. If true, this is more difficult to perform mass attacks.
-
So one of the default install components in SharePoint, a Form parser, works without authentication it appears
- Još 2 druga odgovora
Novi razgovor -
-
-
How popular is sharepoint for building public web pages? Its a CMS tool, but more internally focused, right? I’m trying to understand the potential exposure here. I realize you should patch anyway even if it’s internal only, but how much is externally visible to attackers?
-
Guesstimate about 2m of these online at mo
- Još 2 druga odgovora
Novi razgovor -
-
-
So
@sharepoint March 2019 PU fixes the issue for SP 2023 SP1?Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Ios 12.2
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
CVE-2019-0604 is being exploited in the wild