With the onset of a Remote Code Execution vulnerability CVE-2022-35823, the integrity and confidentiality of businesses are at stake. Since this recently shared vulnerability (on 09/13/2022), is classified as critical to the affected installations of Microsoft SharePoint, it is vital to know how to fix CVE-2022-35823, a Remote Code Execution vulnerability in Microsoft SharePoint.
A remote authenticated attacker can run arbitrary code on the business products/system. This specially-crafted request can disclose all business information and content to the attacker.
Considering these serious effects of the attacks on business products, SharePoint published the possible way to fix this vulnerability. Applying/downloading security patches can reduce the severity of attacks and even eliminate the problem of CVE-2022-35823 exploit.
This article will show you how to fix CVE-2022-35823, a Remote Code Execution vulnerability in Microsoft SharePoint.
Table of Contents
A Short Note About Microsoft SharePoint
Microsoft Sharepoint is a web-based collaborative platform that allows users to share and manage documents, data, and information. It enables businesses to create websites and portals to share information and collaborate on projects. Sharepoint also provides enterprise content management capabilities, such as document management, records management, and search.
SharePoint is available in on-premises and cloud-based versions. The on-premises version is installed on a company’s own servers, while the cloud-based version is hosted by Microsoft.
SharePoint has been around since 2001 and is used by organizations of all sizes. It is estimated that there are over 190 million Sharepoint users worldwide.
Microsoft SharePoint is a versatile platform that can be used for a variety of purposes. Some common uses of Sharepoint include:
– Creating websites and portals
– Sharing documents and data
– Collaborating on projects
– Managing documents and records
– Searching for information
SharePoint provides many benefits to organizations, such as increased productivity, improved collaboration, and better information management. If you are looking for a way to improve your business operations, Sharepoint may be the right solution for you.
Summary of CVE-2022-35823:
This is a remote code execution vulnerability in SharePoint application. According to the research team, this flaw allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint. A remote attacker requires authentication and should have access to create a page on the SharePoint to exploit the vulnerability and runs an arbitrary code on the affected installations.
The specific flaw exists within the handling of custom workflows. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the web service account.
-ZDI
| Associated CVE ID | CVE-2022-35823 |
| Description | A Remote Code Execution Vulnerability in Microsoft SharePoint |
| Associated ZDI ID | – |
| CVSS Score | 8.1 High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | None |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| availability (a) | None |
Microsoft SharePoint Versions Affected by CVE-2022-35823 RCE Vulnerability
Below is the list of versions that are affected by CVE-2022-35823 Remote Code Execution Vulnerability in Microsoft SharePoint;
| Product | Impact | Max Severity | Download |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | Remote Code Execution | Important | Security Update |
| Microsoft SharePoint Enterprise Server 2016 | Remote Code Execution | Important | Security Update |
| Microsoft SharePoint Server Subscription Edition | Remote Code Execution | Important | Security Update |
| Microsoft SharePoint Server 2019 | Remote Code Execution | Important | Security Update |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | Remote Code Execution | Important | Cumulative Update Security Update |
How to Fix CVE-2022-35823- A Remote Code Execution Vulnerability in Microsoft SharePoint?
Microsoft has released the security patches to fix the CVE-2022-35823 flaw. Please apply these patches from Microsoft’s security advisory.
- KB5002267 – security update for SharePoint Foundation 2013
- KB5002271 – security update for SharePoint Server Subscription Edition
- KB5002258 – security update for SharePoint Server 2019
- KB5002264 – cumulative update for SharePoint Enterprise Server 2013
- KB5002267 – security update for SharePoint Foundation 2013
- KB5002269 – update for SharePoint Enterprise Server 2016
Different Ways to install the Update on Windows:
You can download the security patches directly form here:
- SharePoint Server Subscription Edition
- SharePoint Server 2019
- SharePoint Server 2016 (Feature Pack 1)
- SharePoint Server 2016 (Feature Pack 2)
- SharePoint Enterprise Server 2016
- SharePoint Server 2013 Service Pack 1
- SharePoint Foundation 2013
We hope this post will help you know how to fix CVE-2022-35823, a Remote Code Execution vulnerability in Microsoft SharePoint.. Please share this post if you find this interested. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.
Keep Reading:
原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/290063.html