Fwd: [CIVN-2020-0294] Microsoft Office Elevation of Privilege Vulnerability

Severity Rating: HIGH

Software Affected

Microsoft Lync Server 2013

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server 2019

Skype for Business Server 2015 CU 8

Skype for Business Server 2019 CU2

Overview

Elevation of privilege vulnerability has been reported in Microsoft

SharePoint Server and Skype for Business Server, which could allow an

attacker to gain elevated privileges, bypass security restrictions and

execute arbitrary code on the targeted system.

Description

This vulnerability exists in Microsoft SharePoint Server and Skype for

Business Server due to improper handling of the OAuth token validation. A

remote attacker could exploit this vulnerability by alter the token.

Successful exploitation of this vulnerability could allow the attacker to

gain elevated privileges and bypass authentication of the targeted system.

Solution

Apply appropriate fix as mentioned in Microsoft Security Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance

Vendor Information

Microsoft

https://portal.msrc.microsoft.com/en-US/security-guidance

References

Microsoft

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020

- -1025

CVE Name

CVE-2020-1025

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Fwd: [CIVN-2020-0294] Microsoft Office Elevation of Privilege Vulnerability

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive