SharePoint CVE-2020-1147 now has a PoC
Microsoft has released a patch to fix CVE-2020-1147, which they have described as follows:
“A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.
To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content.”
Basically, a low-privileged user who knows what they are doing can get remote code execution on the SharePoint server. Technically you don’t even need SharePoint running, as it affects .NET applications, so it’s a pretty big issue.
The bug was discovered by Oleksandr Mirosh, Markus Wulftange and Jonathan Birch, and you can check out the PoC if you really want to understand more.
I would recommend that everyone gets to patching ASAP as this could be used for lateral movement and privilege escalation to gain domain control.
If your business has an A Team Support agreement you have already been patched.