Earlier this year, a vulnerability was found in various versions of SharePoint Server and was assigned the ID CVE-2019-0604. Microsoft describes the vulnerability as follows:
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
While this vulnerability has been fixed in the latest Public Update, not all administrators patch their SharePoint Servers every month, which left multiple enterprises exposed to it. On April 23rd, 2019, the Canadian Centre for Cyber Security released an alert called China Chopper Malware affecting SharePoint Servers, and here is the assessment from their website:
The Cyber Centre is aware of a campaign that is currently compromising several versions of Microsoft SharePoint Server in order to deploy the China Chopper web shell. Trusted researchers have identified compromised systems belonging to the academic, utility, heavy industry, manufacturing and technology sectors. The following versions of Microsoft SharePoint are known to be affected:
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Foundation 2013 SP1
- Microsoft SharePoint Server 2010 SP2
- Microsoft SharePoint Server 2019
It is likely that the current campaign is leveraging CVE-2019-0604 in order to deploy the web shell. Microsoft released security updates addressing this vulnerability in February and March 2019; however, many systems remain outdated.
A similar alert has been raised by the National Cyber Security Center of Saudi Arabia, so this is definitely a vulnerability that affects customers internationally.
What should you do?
This is why it’s super important to keep your SharePoint Servers, whether 2010, 2013, 2016 or 2019, on the latest Public Updates in order to keep your environment as safe as possible. In Office 365, Microsoft applies the updates right away, but for On-Premises it’s our duty as SharePoint Administrators to make sure that we keep the farm secure and keep up with the latest security updates from Microsoft! Therefore, if your farm is not already on the March 2019 Public Update or later, plan an update as soon as possible!
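To find out where a farm stands, here is an added example (not from the original post or from Microsoft) that reads the farm build version with the SharePoint PowerShell snap-in and compares it against the minimum build for the March 2019 Public Update. The minimum build numbers in the table are placeholders, since this post does not list them; take the real values from Microsoft's update pages for your product version. It also checks each server's NeedsUpgrade flag, because installing the update binaries alone does not finish the job until the configuration wizard (psconfig) has been run.

```powershell
# Added example: check whether a SharePoint farm is on the March 2019 PU (or later)
# and whether any server still has the post-install upgrade pending.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# PLACEHOLDER minimum builds per product line; replace with Microsoft's published
# build numbers for the March 2019 Public Update of your product version.
$minimumPatchedBuild = @{
    '2010' = [Version]'14.0.0.0'   # placeholder: SharePoint 2010 SP2, March 2019 PU
    '2013' = [Version]'15.0.0.0'   # placeholder: SharePoint 2013 SP1, March 2019 PU
    '2016' = [Version]'16.0.0.0'   # placeholder: SharePoint 2016, March 2019 PU
    '2019' = [Version]'16.0.0.0'   # placeholder: SharePoint 2019, March 2019 PU
}

$farm  = Get-SPFarm
$build = $farm.BuildVersion

# Map the major/minor build to a product line (2019 shares major 16 with 2016
# but uses 16.0.10000+ builds).
$product = switch ($build.Major) {
    14 { '2010' }
    15 { '2013' }
    16 { if ($build.Build -ge 10000) { '2019' } else { '2016' } }
    default { 'unknown' }
}

Write-Host "Farm build version : $build (SharePoint $product)"

if ($product -eq 'unknown') {
    Write-Warning "Unrecognised build; check the version manually."
} elseif ($build -lt $minimumPatchedBuild[$product]) {
    Write-Warning "Farm is BELOW the March 2019 PU minimum ($($minimumPatchedBuild[$product])). Plan an update now."
} else {
    Write-Host "Farm build meets or exceeds the March 2019 PU minimum." -ForegroundColor Green
}

# A binary install that has not been followed by psconfig leaves NeedsUpgrade = True.
$pending = $farm.Servers | Where-Object { $_.NeedsUpgrade } | Select-Object -ExpandProperty Name
if ($pending) {
    Write-Warning "Servers with a pending upgrade (run the configuration wizard): $($pending -join ', ')"
} else {
    Write-Host "No server reports a pending upgrade." -ForegroundColor Green
}
```

Run it from the SharePoint Management Shell on a farm server with farm administrator rights; the snap-in is not available on ordinary workstations.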
Follow me for the latest updates and don’t forget to share this with your peers!