Risk of SharePoint vulnerability to UK organizations
The NCSC is raising awareness of a new remote code execution vulnerability (CVE-2020-16952) affecting Microsoft SharePoint.
Introduction
The NCSC is raising awareness of a new remote code execution vulnerability (CVE-2020-16952) affecting Microsoft SharePoint. Successful exploitation of this vulnerability would allow an attacker to run arbitrary code and carry out security actions in the context of the local administrator on affected installations of SharePoint server.
The NCSC always recommends applying security updates promptly to mitigate the exploitation of all vulnerabilities. In this case it matters all the more, because the NCSC has previously seen a large number of SharePoint vulnerabilities, such as CVE-2019-0604, exploited against UK organizations. Two SharePoint CVEs also appear in the CISA Top 10 Routinely Exploited Vulnerabilities.
The NCSC is issuing this alert to ensure that system owners are aware of this vulnerability and to ensure remediation actions are taken.