Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2024-38228: Microsoft SharePoint Server Remote Code Execution Vulnerability

How could an attacker exploit the vulnerability?

An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file’s parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server.

Microsoft Security Response Center
#vulnerability#microsoft#rce#auth#Microsoft Office SharePoint#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-49060: Azure Stack HCI Elevation of Privilege Vulnerability