Fwd: [CIVN-2020-0294] Microsoft Office Elevation of Privilege Vulnerability

Severity Rating: HIGH

Software Affected

Microsoft Lync Server 2013

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Foundation 2013 Service Pack 1

Microsoft SharePoint Server 2019

Skype for Business Server 2015 CU 8

Skype for Business Server 2019 CU2

Overview

An elevation of privilege vulnerability has been reported in Microsoft SharePoint Server and Skype for Business Server, which could allow an attacker to gain elevated privileges, bypass security restrictions and execute arbitrary code on the targeted system.

Description

This vulnerability exists in Microsoft SharePoint Server and Skype for Business Server due to improper handling of OAuth token validation. A remote attacker could exploit this vulnerability by altering the token.

Successful exploitation of this vulnerability could allow the attacker to gain elevated privileges and bypass authentication of the targeted system.

Solution

Apply the appropriate fix as mentioned in the Microsoft Security Advisory.

Vendor Information

Microsoft

References

Microsoft

- -1025

CVE Name

CVE-2020-1025
