The CVE-2020-17118 bug was discovered by Jonathan Birch, a Senior Security Software Engineer on the Microsoft Office Security Team.
The critical flaw affects the following versions of SharePoint: Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Foundation 2010 Service Pack 2.
Speaking to Threatpost, Kevin Breen – the director of cyberthreat research at Immersive Labs – said the SharePoint CVEs are a priority to fix.
Breen said: “Both are rated as critical as they have RCE, and SharePoint can be used like a watering hole inside large organisations by an attacker.
“All it takes is for a few weaponised documents to be placed for malicious code to spread across an organisation.”
Other critical flaws that the latest Patch Tuesday resolved were found in Microsoft Exchange, while another was discovered in Microsoft Edge.
Published at Mon, 14 Dec 2020 06:01:00 +0000