Security Updates for Microsoft SharePoint Server and Microsoft Project Server (November 2017)
Critical Nessus Plugin ID 104570
SynopsisThe Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update.
DescriptionThe Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :
- An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site. (CVE-2017-11876)
- A remote code execution vulnerability exists when a user opens a specially crafted office file. (ADV170020).
SolutionMicrosoft has released the following security updates to address this issue: