Microsoft fixed a security vulnerability in SharePoint Server that allows attackers to read arbitrary files on the server, meaning any file on the targeted server.
SharePoint Server was launched in 2001 and has more than 190 million users across 200,000 customer organizations. It is a document management platform that helps organizations streamline the management of and access to data. It can be configured to run on intranet, extranet and Internet sites.
Information Disclosure Vulnerability
The update fixes the vulnerability in Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2010 Service Pack 2, Microsoft SharePoint Foundation 2013 Service Pack 1 and Microsoft SharePoint Server 2019.
An attacker can exploit the vulnerability by sending a specially crafted request to a vulnerable SharePoint Server instance. The vulnerability was not publicly disclosed, and the chances of exploitation are very low.
On December’s Patch Tuesday, Microsoft fixed 37 CVEs across a range of Microsoft products. The updates include patches for Microsoft Windows, Internet Explorer, Microsoft Office and related apps, SQL Server, Visual Studio and Skype for Business.
The vulnerability is tracked as CVE-2019-1491. If an attacker manages to exploit it, they can gain unauthorized access to the file system.
Microsoft recommends that users apply the security updates to mitigate the vulnerability.