Friday 17 May 2019 @ 13:15
National Cyber Security Centre
Printable version

Alert: Microsoft SharePoint remote code vulnerability

The NCSC has seen high levels of successful attacks against UK organisations so system owners need to check that actions have been taken against this vulnerability.

Microsoft published details of this vulnerability (CVE-2019-0604) which affects versions of SharePoint and allows an attacker to run arbitrary code by uploading a specifically crafted SharePoint application package.

Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive data, enable lateral movement within a network and potentially use the access to target an organisation’s customers and suppliers.

Downloads

Alert: Microsoft SharePoint remote code vulnerability

Information to help with detection and mitigation against attacks exploiting Microsoft SharePoint Remote Code Execution Vulnerability CVE-2019-0604. PDF, 48 KB, 4 PAGES

 

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/alert-microsoft-sharepoint-remote-code-vulnerability

Share this article

Latest News from
National Cyber Security Centre

UK girls triumph in national cyber skills contest

05/12/2024 10:10:00

Teams of girls from schools across the UK have been crowned cyber security champions

Risk facing UK "widely underestimated", cyber chief to warn in first major speech

03/12/2024 18:14:10

Richard Horne described the cyber risks facing the nation as “widely underestimated” and call for collective action against an increasingly complex array of threats.

UK and allies warn about shift in cyber attackers exploiting zero-day vulnerabilities

14/11/2024 11:05:00

NCSC and international partners share top 15 vulnerabilities that were routinely exploited by cyber attackers last year.

The 4th Republic of Korea-UK Cyber Dialogue held in London

08/11/2024 15:18:00

The 4th Republic of Korea (ROK)-United Kingdom (UK) Cyber Dialogue was held in London on 6 November 2024.

Cyber Essentials scheme marks a decade of boosting businesses’ cyber defences

28/10/2024 16:05:00

Following the 10 successful years of the Cyber Essentials scheme, more businesses urged to strengthen cyber security protections

Exploitation of vulnerability affecting Fortinet FortiManager

25/10/2024 09:20:00

The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability affecting Fortinet FortiManager (CVE-2024-47575) and to follow the latest vendor advice.

NCSC warns of widening gap between cyber threats and defence capabilities

17/10/2024 09:05:00

Dr Richard Horne, CEO NCSC calls for greater global resilience against online security threats at Singapore International Cyber Week.

All UK schools offered free cyber service to protect against online threats

16/10/2024 16:15:00

Following the successful initial roll out of PDNS for Schools last year, all schools in the UK can now benefit from the enhanced cyber resilience service.

Team of British women to take part in international cyber event in Japan

08/10/2024 16:20:00

Being announced on Ada Lovelace Day, a team of CyberFirst Bursary alumni will be representing the UK at the inaugural Kunoichi Cyber Games taking place at the Code Blue cyber security conference in Tokyo.