Shulou(Shulou.com)06/01 Report--

SharePoint and other components of the remote code execution vulnerability CVE-2020-1147 how to understand, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Overview of 0x00 updates

On July 21, 2020, the core security team released an analysis of SharePoint components that showed that remote attackers could have an impact on remote code execution. This update identifies the details of the vulnerability to the public, and a large-scale attack may occur in a short period of time.

Brief introduction of 0x01 vulnerability

On July 15, 2020, 360CERT Monitoring found that Microsoft officially issued a risk notice of a vulnerability in the remote code execution of .NET Framework/SharePoint Server/Visual Studi. The vulnerability level is serious.

A remote code execution vulnerability exists when the .NET Framework/SharePoint Server/Visual Studio fails to properly identify and filter insecure XML content. A remote attacker who successfully exploits this vulnerability can execute arbitrary code in the context of the SharePoint application process pool.

In this regard, 360CERT recommends that the majority of users install the latest patches on the .NET Framework/SharePoint Server/Visual Studio in a timely manner. At the same time, please do a good job of asset self-examination and prevention to avoid hacker attacks.

0x02 risk rating

360CERT's assessment of the vulnerability is as follows

Assessment method level threat level serious impact surface general 0x03 vulnerability details

SharePoint Server is a set of portal solutions that enable enterprises to easily develop intelligent portals that seamlessly connect with users, teams, and knowledge. Therefore, users can make better use of the relevant information in the business process and work more effectively.

Microsoft Visual Studio is a series of Microsoft development kits. VS is a complete set of development tools, which includes most of the tools needed in the whole software life cycle, such as UML tools, code control tools, integrated development environment (IDE) and so on.

The same XML processing logic is used in SharePoint/Visual Studio. The input is not strictly checked in this processing logic, resulting in an attacker transmitting malicious XML data to cause deserialization, resulting in remote code execution.

For vulnerability analysis, see the reference link.

0x04 affects version

Microsoft .NET Framework: multi-version

Microsoft SharePoint Enterprise Server: 2013 Service Pack 1

Microsoft SharePoint Enterprise Server: 2016

Microsoft SharePoint Server: 2010 Service Pack 2

Microsoft SharePoint Server: 2019

Microsoft Visual Studio 2017: version 15.9 (includes 15.015.8)

Microsoft Visual Studio 2019: version 16.0

Microsoft Visual Studio 2019: version 16.4 (includes 16.016.3)

Microsoft Visual Studio 2019: version 16.6 (includes 16.016.5)

0x05 repair recommendation General repair recommendation

360CERT recommends an one-click update by installing a 360 security guard.

Http://weishi.360.cn/

Microsoft Windows version updates should be carried out in a timely manner and Windows automatic updates should be kept on.

The process for Windows server / Windows to detect and turn on Windows automatic updates is as follows

Click the start menu and select Control Panel from the pop-up menu to proceed to the next step.

Click "system and Security" on the control panel page to enter the settings.

In the new interface that pops up, select enable or disable automatic updates in windows update.

Then go to the settings window, expand the drop-down menu item, and select the automatic installation update (recommended).

Manual upgrade scenario:

Find your own vulnerability patches that match the operating system version through the link below, and download and install the patches.

CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

Https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147

0x06 product side solution 360Security Guard

For this security update, Windows users can install the corresponding patch through the 360 security guard, and users on other platforms can update vulnerable products according to the updated version in the list of repair suggestions.

360 city-level network security monitoring service

The QUAKE asset mapping platform of the security brain monitors such vulnerabilities by means of asset mapping technology, and users are asked to contact the relevant product area leader or (quake#360.cn) to obtain the corresponding product.

360 security analysis response platform

The security analysis and response platform of the security brain detects and blocks the exploitation of such vulnerabilities in real time by means of network traffic detection and multi-sensor data fusion association analysis, and asks the user to contact the person in charge of the relevant product area or (shaoyulong#360.cn) to obtain the corresponding product.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.