Security Update for Microsoft SharePoint Server 2016 (December 2017)

High Nessus Plugin ID 105190

Synopsis

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update.

Description

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
(CVE-2017-11936)

Solution

Microsoft has released security update KB4011576 to address this issue.

See Also

http://www.nessus.org/u?5f43e5cb

Plugin Details

Severity: High

ID: 105190

File Name: smb_nt_ms17_dec_office_sharepoint.nasl

Version: 1.8

Type: local

Agent: windows

Published: 2017/12/12

Modified: 2018/08/03

Dependencies: 13855, 57033, 93232, 74250

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sharepoint, cpe:/a:microsoft:project_server, cpe:/a:microsoft:office

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2017/12/12

Vulnerability Publication Date: 2017/12/12

Reference Information

CVE: CVE-2017-11936

BID: 102068

MSKB: 4011576

MSFT: MS17-4011576

IAVA: 2017-A-0363