Newsletter Archives

• Running a SharePoint server? Better make sure it’s patched.

  Posted on December 10, 2019 at 09:55 CST by woody • Comment in the Forums

  Kevin Beaumont reports that CVE-2019-0604 — a SharePoint Server vulnerability first patched in February, then re-patched in March — is under active attack.

  A reminder that all organisations should be patching SharePoint vulnerability CVE-2019-0604 (from February) as significant numbers of assets remain exposed, and the vulnerability is actively exploited in the wild.

  If you have a SharePoint Server — any version — that hasn’t been patched since March, get on the stick.

  Windows Patches/Security CVE-2019-0604, SharePoint Server

• Running SharePoint Server? Better get your patches brought up to date

  Posted on May 10, 2019 at 08:16 CDT by woody • Comment in the Forums

  I just got a tip from @SimonZerafa, referencing a tweet from Kevin Beaumont:

  📢 CVE-2019-0604 is being exploited in the wild 📢 It's a web based remote code execution vuln without need for authentication, plus Microsoft had to reissue the patch later as the first one didn't fix the vulnerability – so lots of places are exposed. https://t.co/qBDxwyJWi4

  — Kevin Beaumont 🧝🏽‍♀️ (@GossiTheDog) May 10, 2019

  The exposure occurs in SharePoint Server 2010, 2013, 2016 and 2019. Microsoft released patches in February and March of this year. If you’re running SharePoint Server, make sure you follow the fine print at the bottom of the Security Update Guide and install both patches for SharePoint Server 2010 and 2013.

  Office Patches/Security KB 4462184, KB 4462199, KB 4462202, KB 4462211, SharePoint Server