PT-2020-3077 · Microsoft +3 · Visual Studio +5

Published: 2020-07-14 · Updated: 2025-08-25 · CVE-2020-1147

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

.NET Core versions prior to 3.1.106

.NET Core Runtime versions prior to 2.1.20

.NET Core SDK versions prior to 2.1.516

Microsoft .NET Framework (affected versions not specified)

Microsoft SharePoint Server (affected versions not specified)

Microsoft SharePoint Enterprise Server (affected versions not specified)

Microsoft Visual Studio (affected versions not specified)

MS Lync/Skype for Business (affected versions not specified)

**Description:**

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. The vulnerability stems from an incomplete fix for a flaw initially reported in 2020 and has been actively exploited in recent ToolShell attacks targeting on-premises Microsoft SharePoint servers. The vulnerability is related to the processing of XML data and can be triggered by uploading a specially crafted document. The issue affects the .NET DataSet and DataTable types.

**Recommendations:**

Update .NET Core to version 3.1.106 or later.

Update .NET Core Runtime to version 2.1.20 or later.

Update .NET Core SDK to version 2.1.516 or later.

At the moment, there is no information about a newer version that contains a fix for this vulnerability for Microsoft .NET Framework, Microsoft SharePoint Server, Microsoft SharePoint Enterprise Server, MS Lync/Skype for Business and Microsoft Visual Studio.

Related Identifiers

ALT-PU-2020-2513
ALT-PU-2020-2514
ALT-PU-2020-2592
ALT-PU-2020-2593
BDU:2020-03369
CESA-2020_2938
CESA-2020_2954
CVE-2020-1147
GHSA-G5VF-38CP-4PX9
RHSA-2020:2937
RHSA-2020:2938
RHSA-2020:2939
RHSA-2020:2954
RHSA-2020:2988
RHSA-2020:2989
RHSA-2020_2938
RHSA-2020_2954

Affected Products

.NET Framework
Alt Linux
CentOS
SharePoint Server
Red Hat
Visual Studio