CVE-2020-1200 : What You Need to Know

Microsoft SharePoint Remote Code Execution Vulnerability was published on 2020-09-08. It affects various versions of Microsoft SharePoint including SharePoint Server 2016, SharePoint Server 2019, SharePoint Foundation 2010, and SharePoint Foundation 2013.

Understanding CVE-2020-1200

A critical remote code execution vulnerability in Microsoft SharePoint allows attackers to execute arbitrary code in the context of the SharePoint application pool and server farm account.

What is CVE-2020-1200?

The vulnerability arises from a failure to check the source markup of SharePoint application packages.
Attackers can exploit the flaw by uploading a specially crafted application package to the affected SharePoint version.
A security update has been released to address this issue.

The Impact of CVE-2020-1200

Type: Remote Code Execution
Severity: High
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)
Attack Vector: Network, Attack Complexity: Low, Privileges Required: None, User Interaction: None, Scope: Unchanged, Confidentiality: Low, Integrity: High, Availability: Low

Technical Details of CVE-2020-1200

This section provides more technical insights into the vulnerability.

Vulnerability Description

The flaw allows remote code execution in SharePoint due to inadequate source markup validation.

Affected Systems and Versions

Microsoft SharePoint Enterprise Server 2016 (Version 16.0.0)
Microsoft SharePoint Server 2019 (Version 16.0.0)
Microsoft SharePoint Foundation 2010 Service Pack 2 (Version 13.0.0)
Microsoft SharePoint Foundation 2013 Service Pack 1 (Version 15.0.0)

Exploitation Mechanism

The vulnerability is exploited by uploading a specially crafted SharePoint application package.

Mitigation and Prevention

It is crucial to take immediate and long-term actions to mitigate the risks associated with CVE-2020-1200.

Immediate Steps to Take

Apply the security update provided by Microsoft to fix the vulnerability.
Limit user permissions within SharePoint to reduce the impact of potential attacks.
Monitor SharePoint activities for any suspicious behavior.

Long-Term Security Practices

Regularly update and patch SharePoint to protect against known vulnerabilities.
Conduct security audits and assessments to identify and address weaknesses in the SharePoint environment.
Educate users on safe practices when handling and uploading application packages.
Implement network segmentation to isolate SharePoint servers from critical systems and data.
Use intrusion detection and prevention systems to monitor and block malicious activities.
Consider implementing application allow-listing to control the execution of trusted applications.

Patching and Updates

Ensure timely installation of patches and updates provided by Microsoft to secure SharePoint against known vulnerabilities.