Unpatched enterprise SharePoint servers remain under attack

By on
Unpatched enterprise SharePoint servers remain under attack

Remote code execution vulnerability without authentication.

Attackers are actively scanning for enterprise servers running vulnerable Microsoft SharePoint versions that are easily exploitable with a single HTTP request to remotely run arbitrary code, security researchers warn.

A patch for the vulnerability was issued by Microsoft in February this year but administrators have been slow to deploy the fix.

Opensecurity.global reasearcher Kevin Beaumont added support for the SharePoint vulnerability in his worldwide network of honeypots, and observed multiple attacks very quickly.

A significant number of enterprise SharePoint servers remain exposed to the vulnerability that is actively exploited in the wild, Beaumont cautioned.

The seriousness of the flaw may have been underestimated as Beaumont says it requires no authentication on vulnerable systems, and should have a high Common Vulnerabilities Scoring System (CVSS) rating of 9.8.

Microsoft warned in February that the critical bug exists in multiple variants of SharePoint Server, with no mitigations or workaround being available.

Security vendor AT&T's AlienLabs found several attempts at exploiting the bug, including planting malware and spyware by nation-state sponsored actors with attacks ongoing since May.

By uploading specially crafted SharePoint application package, attackers can take advantage of the unpatched servers not verifying source markup, to run arbitrary code.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?