Under Attack : Is SharePoint server patched?

Most organizations rely on SharePoint to collaborate and share their precious company or project information. A critical security vulnerability in SharePoint Server, CVE-2019-0604, is being targeted by hackers.
Hackers look for security flaws to exploit, so it is essential to keep SharePoint servers patched and updated.

More on the Attack

Attackers are installing China Chopper web shells on SharePoint servers to carry out remote code execution attacks. Once installed, this kind of malware allows hackers to connect to the server and issue commands on it. Canadian and Saudi cyber-security agencies have flagged these attacks and have also reported that many organizations are impacted by this vulnerability.

How to Patch the Servers

Microsoft publishes the latest CU (cumulative update) on its website, and all SharePoint administrators should keep track of the latest patch. To fix this particular issue quickly, you can download the security patch. (A table listing the security patch for each SharePoint version is provided below.)
*Remember to first test the patches on staging. I myself have installed the April CU for my servers.

| Product | Article | Download | Impact |
|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2016 | 4462211 | Security Update | Remote Code Execution |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4461630 | Security Update | Remote Code Execution |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 4462143 | Security Update | Remote Code Execution |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4462184, 4461630 | Security Update, Security Update | Remote Code Execution |
| Microsoft SharePoint Server 2013 Service Pack 1 | 4462202, 4462143 | Security Update, Security Update | Remote Code Execution |
| Microsoft SharePoint Server 2019 | 4462199 | Security Update | Remote Code Execution |

Ask your SharePoint administrator to patch the servers. If you want to know more about how to patch the servers, the links below may be helpful:

2016: https://docs.microsoft.com/en-us/SharePoint/upgrade-and-update/install-a-software-update
2013: https://docs.microsoft.com/en-us/SharePoint/upgrade-and-update/software-updates-overview-for-sharepoint-server-2013
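
To turn the table above into a farm-wide check, here is an added example (not part of the original post and not a Microsoft tool) that audits a server inventory against the listed articles. The CSV layout, host names and the filler KB numbers in the sample are constructed, and it assumes that where the table lists two articles for a product, both are required.

```python
import csv
import io
import re

# KB articles per product, copied from the table on this page.
REQUIRED_KBS = {
    "Microsoft SharePoint Enterprise Server 2016": {"4462211"},
    "Microsoft SharePoint Foundation 2010 Service Pack 2": {"4461630"},
    "Microsoft SharePoint Foundation 2013 Service Pack 1": {"4462143"},
    "Microsoft SharePoint Server 2010 Service Pack 2": {"4462184", "4461630"},
    "Microsoft SharePoint Server 2013 Service Pack 1": {"4462202", "4462143"},
    "Microsoft SharePoint Server 2019": {"4462199"},
}

# Constructed sample inventory: hypothetical hosts; KB0000001 and KB1234567 are filler.
SAMPLE_INVENTORY = """host,product,installed_kbs
sp16-app01,Microsoft SharePoint Enterprise Server 2016,KB4462211;KB0000001
sp13-wfe01,Microsoft SharePoint Server 2013 Service Pack 1,kb4462202
sp19-wfe01,Microsoft SharePoint Server 2019,
sp07-old01,Microsoft Office SharePoint Server 2007,KB1234567
"""

def normalize_kbs(field):
    """Return the set of KB numbers in a field, accepting 'KB4462211' or '4462211'."""
    return set(re.findall(r"(?i)(?:KB)?(\d{6,7})", field or ""))

def audit(inventory_csv):
    """Map each host to (status, missing KBs); status is patched, missing or unknown-product."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        required = REQUIRED_KBS.get(row["product"].strip())
        if required is None:
            # Product is not in the page's table: flag for manual review, never assume safe.
            report[row["host"]] = ("unknown-product", [])
            continue
        missing = sorted(required - normalize_kbs(row["installed_kbs"]))
        report[row["host"]] = ("missing" if missing else "patched", missing)
    return report

if __name__ == "__main__":
    for host, (status, missing) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:16} {', '.join('KB' + kb for kb in missing)}")
```

A server running a later cumulative update may not list these exact KB numbers, so treat a "missing" result as a prompt to confirm the installed build rather than as proof of exposure.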

So always keep your SharePoint servers patched.

