KLA10604Multiple vulnerabilities in Microsoft SharePoint

2014-11-11T00:00:00
ID KLA10604
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

11/11/2014

Severity:

High

Description:

Multiple serious vulnerabilities have been found in Microsoft SharePoint. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.

Affected products:

Microsoft Windows SharePoint Services x86, x64 3.0 Service Pack 3
Microsoft SharePoint Foundation 2010 Service Pack 1, 2
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Foundation 2013 Service Pack 1
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 Service Pack 1
Microsoft Project Server 2010 Service Pack 1, 2
Microsoft Project Server 2013
Microsoft Project Server 2013 Service Pack 1
Microsoft Web Applications 2010 Service Pack 1, 2
Microsoft Office Web Apps Server 2013
Microsoft Office Web Apps Server 2013 Service Pack 1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2014-2816
CVE-2014-0251
CVE-2014-1754
CVE-2014-1813
CVE-2014-4116

Impacts:

ACE

Related products:

Microsoft Sharepoint Server

CVE-IDS:

CVE-2014-28169.3High
CVE-2014-02519.0High
CVE-2014-17544.3High
CVE-2014-18138.5High
CVE-2014-41164.3High

Microsoft official advisories:

KB list:

2837588
2880453
2880536
2863829
2863922
2837598
2880994
2863863
2760236
2752096
2596861
2596763
2977202
2810069
2596902
2863836
2863856
2863854
3000431
2952166
2596810
2837616