#Microsoft Office SharePoint

CVE-2022-24472: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

Microsoft Security Response Center

CVE-2022-21987: Microsoft SharePoint Server Spoofing Vulnerability

**According to the CVSS, User Interaction is Required. What interaction would the user have to do?** Exploitation of the vulnerability requires that a target be lured to and make use of a specially crafted functionality on a SharePoint page created by the attacker. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to use the intended functionality.

CVE-2022-22005: Microsoft SharePoint Server Remote Code Execution Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated and possess the permissions for page creation to be able to exploit this vulnerability.

CVE-2022-21968: Microsoft SharePoint Server Security Feature Bypass Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker needs read access to the target site within SharePoint.

CVE-2022-21837: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** An authenticated attacker with access to the domain could perform remote code execution on the SharePoint server to elevate themselves to SharePoint admin.

CVE-2021-42320: Microsoft SharePoint Server Spoofing Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to modify their Display Name within SharePoint.

CVE-2021-42309: Microsoft SharePoint Server Remote Code Execution Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the permission to use Manage Lists within SharePoint.

CVE-2021-42294: Microsoft SharePoint Server Remote Code Execution Vulnerability

**There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software?** Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.

CVE-2021-43876: Microsoft SharePoint Elevation of Privilege Vulnerability

**What privileges are required to exploit this vulnerability?** The attacker must be authenticated to the target site, with the rights to use the SharePoint Migration tool and the ability to create a new SharePoint site collection.