Microsoft released security bulletin MS14-058 for this issue. The update addresses a remote code execution vulnerability in Microsoft SharePoint Foundation, Microsoft SharePoint Server, Microsoft SharePoint Server 2010, and Microsoft SharePoint Server 2013. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

In order to successfully exploit this vulnerability, an attacker must be able to access the SharePoint server, such as when a user clicks on a malicious link sent in an email. End users who visit a malicious website or open a malicious email could be exploited.
An attacker could host a specially crafted website, or use a specially crafted Microsoft Office program or Microsoft SharePoint Server Web Application to try to exploit the vulnerability. These applications could attempt to exploit the vulnerability by running a remote code attack against the target system. In some cases, this may require the user to click on a link or open a specially crafted document.

In all cases, users should be vigilant regarding emails asking them to open documents or click on links. Microsoft Active Protections Program The Microsoft Active Protections Program (MAPP) is a security software assurance program that helps IT professionals protect their devices from security vulnerabilities by scanning for software assurance weaknesses

How Is Microsoft Office Affected?

The vulnerability is only present in Microsoft Office 2007, 2010 and 2013.

Update your Office programs to the latest version.
Apply the relevant updates for Microsoft SharePoint Server, Microsoft SharePoint Server 2010, and Microsoft SharePoint Server 2013.

Microsoft Office and Microsoft SharePoint Vulnerabilities

Microsoft Office and Microsoft SharePoint are susceptible to a number of vulnerabilities, including remote code execution issues. For example, CVE-2018-8325 is a remote code execution vulnerability in Microsoft Office that affects all versions of Microsoft Office up to and including Office 365 ProPlus. This vulnerability could allow an attacker to take complete control of a system running the vulnerable software.
In addition, MAPP scans for security software assurance weaknesses in commonly used software such as Microsoft Office and Microsoft SharePoint. Using this tool allows IT professionals to protect their devices from security vulnerabilities by identifying whether there are software assurance weaknesses in these applications that they should be aware of.

How does the vulnerability work?

An attacker sends an email that contains a specially crafted link or attachment. The vulnerability could allow remote code execution if the user clicks on the malicious link or opens the malicious attachment.
The vulnerability is caused by a buffer overflow condition in Microsoft Office programs and Web Applications when handling specially crafted documents of types such as Microsoft Word (.docx, .doc), PowerPoint (.pptx), Excel (.xlsx), Visio (.vsd) or XML files.
Customers who have home users installed with Security Essentials are protected from this vulnerability because Security Essentials detects and blocks malicious content from these documents before it can be opened.

How Might an attacker exploit this vulnerability?

An attacker could exploit this vulnerability by running a specially crafted application that attempts to exploit the vulnerability. In some cases, this may require the user to click on a link or open a specially crafted document.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/19/2022 20:41:00 UTC

References