virus logo Intrusion Prevention

MS.SharePoint.Server.ExecuteProxyUpdates.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft Sharepoint Server.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An authenticated attacker can exploit this via a crafted request, leading to arbitrary code execution within the context of the application.

affected-products-logoAffected Products

Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft SharePoint Foundation 2013 Service Pack 1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-02 16.972 Default_action:pass:drop
2020-11-10 16.959

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061
ID 49603
Created Nov 10, 2020
Updated Sep 22, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2020-17061
Exploit Prediction Score 1.27%
Default Action drop
Active
Affected OS Windows
Affected App Other