|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Running SharePoint Server? Better get this security hole plugged soon.
Very few of you are running SharePoint Servers, but for those of you who do, this is an important heads-up. From AttackerKB:
On Tuesday, October 13, as part of the October 2020 Patch Tuesday release, Microsoft published a security advisory for CVE-2020-16952, a server-side include (SSI) vulnerability in Microsoft SharePoint. The bug is exploitable by an authenticated user with page creation privileges, which is a standard permission in SharePoint, and allows the leaking of an arbitrary file, notably the application’s
web.configfile, which can be used to trigger remote code execution (RCE) via .NET deserialization. CVE-2020-16952 carries a CVSSv3 base score of 8.6…An easily available proof-of-concept makes CVE-2020-16952 an impending threat. There are no reports of exploitation in the wild as of October 13, 2020.
Affected products
-
-
Microsoft SharePoint Foundation 2013 Service Pack 1
-
Microsoft SharePoint Enterprise Server 2016
-
Microsoft SharePoint Server 2019
-
Full details on the Rapid7 site.
Thx, Patch Lady.
-
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Latest Firefox requires Password on start up
by 43 seconds ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 4 hours, 22 minutes ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 13 minutes ago
-
How Much Daylight have YOU Saved?
by 56 minutes ago
-
A brief history of Windows Settings
by 2 hours, 50 minutes ago
-
Thunderbolt is not just for monitors
by 1 hour, 1 minute ago
-
Password Generators — Your first line of defense
by 14 minutes ago
-
AskWoody at the computer museum
by 34 minutes ago
-
Planning for the unexpected
by 1 hour, 32 minutes ago
-
Which printer type is the better one to buy?
by 6 hours, 7 minutes ago
-
Upgrading the web server
by 4 hours, 32 minutes ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 23 hours, 37 minutes ago
-
Creating a Google account
by 22 hours, 22 minutes ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 1 day, 4 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 1 day, 15 hours ago
-
AI *emergent misalignment*
by 1 day, 17 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 1 hour, 4 minutes ago
-
Trouble signing out and restarting
by 17 hours, 40 minutes ago
-
Windows 7 MSE Manual Updating
by 2 days, 1 hour ago
-
Problem running LMC 22 flash drive
by 1 day ago
-
Outlook Email Problem
by 1 day ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 1 day, 7 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 2 days ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 2 days ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 3 days, 1 hour ago
-
Windows 11 Insider Preview Build 22635.5025 (23H2) released to BETA
by 3 days, 1 hour ago
-
Sysprep issue
by 3 days, 1 hour ago
-
Android Security Bulletin—March 2025
by 3 days, 4 hours ago
-
23h2: PIN TO START randomly available on right-click
by 3 days, 4 hours ago
-
Microsoft Defender
by 3 days, 9 hours ago
