Security Update for Microsoft SharePoint Server and Project Server (July 2017)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The Microsoft SharePoint Server or Project Server installed on the
remote Windows host is missing a security update. It is, therefore,
affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in
Microsoft Office due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or open a specially crafted document, to
execute arbitrary code in the context of the current
user. (CVE-2017-0243)

- A remote code execution vulnerability exists in
Microsoft Office due to improper handling of objects in
memory. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website or open a specially crafted document, to
execute arbitrary code in the context of the current
user. (CVE-2017-8501)

- A cross-site scripting (XSS) vulnerability exists in
Microsoft SharePoint Server due improper validation of
user-supplied input in web requests. An authenticated,
remote attacker can exploit this, via a specially
crafted request, to execute arbitrary script code in a
user's browser session. (CVE-2017-8569)

See also :

http://www.nessus.org/u?26d330c5
http://www.nessus.org/u?6f1f0aeb
http://www.nessus.org/u?e96c375f
http://www.nessus.org/u?6110072f
http://www.nessus.org/u?d4c8bed4

Solution :

Microsoft has released a set of patches for SharePoint Server 2013
and 2016; Excel Services on SharePoint Server 2010; and Microsoft
Project Server 2010.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 101372 ()

Bugtraq ID: 99441
99446
99447

CVE ID: CVE-2017-0243
CVE-2017-8501
CVE-2017-8569

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now