The NCSC has seen high levels of successful attacks against UK organisations so system owners need to check that actions have been taken against this vulnerability.
Microsoft published details of this vulnerability (CVE-2019-0604) which affects versions of SharePoint and allows an attacker to run arbitrary code by uploading a specifically crafted SharePoint application package.
Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive data, enable lateral movement within a network and potentially use the access to target an organisation’s customers and suppliers.
Alert: Microsoft SharePoint remote code vulnerability
Information to help with detection and mitigation against attacks exploiting Microsoft SharePoint Remote Code Execution Vulnerability CVE-2019-0604. PDF, 48 KB, 4 PAGES