Microsoft SharePoint CVE-2015-1700 Multiple Remote Code Execution Vulnerabilities

2015-05-1200:00:00

Symantec Security Response

www.symantec.com

0.048 Low

EPSS

Percentile

92.7%

JSON

Description

Microsoft SharePoint is prone to multiple remote code-execution vulnerabilities. An attacker can leverage these issues to execute arbitrary code in the context of the W3WP service account user.

Technologies Affected

Microsoft SharePoint Foundation 2010 SP2
Microsoft SharePoint Foundation 2013 SP1
Microsoft SharePoint Server 2007 for 32-bit SP3
Microsoft SharePoint Server 2007 for 64-bit SP3
Microsoft SharePoint Server 2010 SP2

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
microsoft sharepoint servereq2007 for 32-bit SP3 
microsoft sharepoint servereq2010 SP2 
microsoft sharepoint foundationeq2013 SP1 
microsoft sharepoint foundationeq2010 SP2 
microsoft sharepoint servereq2007 for 64-bit SP3 

Name	Operator	Version
microsoft sharepoint server	eq	2007 for 32-bit SP3
microsoft sharepoint server	eq	2010 SP2
microsoft sharepoint foundation	eq	2013 SP1
microsoft sharepoint foundation	eq	2010 SP2
microsoft sharepoint server	eq	2007 for 64-bit SP3