ITS ADVISORY NUMBER:
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (MS13-024)
Multiple vulnerabilities have been reported in Microsoft SharePoint Server and Microsoft SharePoint Foundation that could allow for elevation of privilege or a denial-of-service attack. Depending on the privileges associated with the user, the attacker could install programs; view, change or delete data; or create new accounts with full user rights.
- Microsoft SharePoint Server 2010
- Microsoft SharePoint Foundation 2010
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
- Home users: Low
This advisory covers a total of four vulnerabilities.
There is a Callback Function Vulnerability (CVE-2013-0080) that could allow an attacker to elevate their access to the server. This would provide the attacker the ability to change permissions, delete content and inject specially crafted content in the browser of the victim. This vulnerability uses a web-based attack scenario where the attacker hosts a specially crafted webpage. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
There is a SharePoint Directory Traversal Vulnerability (CVE-2013-0084) that could allow an attacker, after obtaining sensitive system data, to elevate their access to the server. The vulnerability is caused when Microsoft SharePoint Server does not properly validate a user’s input. Once exploited, the attacker could use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as changing permissions, deleting content and injecting malicious content into a web browser.
There is a Buffer Overflow Vulnerability (CVE-2013-0085) that could allow an attacker to cause the W3WP process on an affected version of SharePoint to terminate. This would cause the SharePoint site, along with any user sites running that process, to become unavailable until the process is restarted.
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Inform and educate users regarding the threats posed by attachments and hypertext links contained in emails, especially from untrusted sources.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Remind users not to download or open files from untrusted websites.
Acting Chief Information Security Officer