CVE-2019-0604

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint versions prior to the fixed version Microsoft SharePoint Enterprise Server (2016) Microsoft SharePoint Foundation (2013) Microsoft SharePoint Server (2010, 2019)

Description A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. This allows an attacker to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. The vulnerability can be exploited by uploading a specially crafted SharePoint application package to an affected version of SharePoint. Thousands of servers could be exposed to this vulnerability, which has been used in cyberattacks against Middle East government targets.

Recommendations For Microsoft SharePoint versions prior to the fixed version, update to the latest version to resolve the issue. For Microsoft SharePoint Enterprise Server (2016), apply the available patch to fix the vulnerability. For Microsoft SharePoint Foundation (2013) and Microsoft SharePoint Server (2010, 2019), apply the available patches or updates to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable SharePoint application package upload feature until a patch is available. Avoid using the vulnerable EntityInstanceIdEncoder deserialization of untrusted data until the issue is resolved.