TTCSIRT-227.092019: TT-CSIRT Advisory – Microsoft Security Updates
Microsoft has released a security update stating that it has discovered the following vulnerabilities in Microsoft SharePoint Server 2019:
a) CVE-2019-1257 – the software fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
b) CVE-2019-1260 – an authenticated attacker could send a specially crafted request to an affected server, thereby allowing the impersonation of another SharePoint user.
c) CVE-2019-1261 – a spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).
| Further information on these vulnerabilities and how they can be mitigated can be found on the Microsoft Website at https://support.microsoft.com/en-us/help/4475596/security-update-for-sharepoint-server-2019-september-10 |