SharePoint is one of those less-visible portions of Microsoft Office. It’s a tool for managing shared files across users and systems — if you don’t use it for work, you may never have heard of it, but if you do, it’s probably a lynchpin of your daily team functions. And there’s bad news if you fall into the latter category: two massive zero-day vulnerabilities in the software are being actively exploited.
Microsoft has released a patch that fixes up two critical vulnerabilities in the current, Microsoft 365 version of SharePoint, as well as the older standalone SharePoint 2019 release. The company is recommending an immediate update for these out-of-band patches, according to Bleeping Computer. Unfortunately the non-subscription SharePoint 2016 release has not been patched yet, though that’s in the works.
These are Remote Code Execution (RCE) vulnerabilities discovered following the latest Pwn2Own security conference, which were themselves patched earlier, but led to even newer weaknesses coming out. That’s the bad stuff — RCE can be exploited to deliver malware payloads that can completely compromise Windows. SharePoint users and administrators can apply the updates via Central Admin or PowerShell, using these instructions.
Further reading: These 3 crucial Windows security mistakes can wreck your PC
Войдите, чтобы добавить комментарий
Другие сообщения в этой группе
Free alternatives may exist for Microsoft Office components, but some
E-commerce giant Amazon is now expanding its automotive business to i
As expected, by 2028 your PC will be internally passing a terabyte’s
Want ad-free streaming without paying through the nose for Netflix or
Microsoft is reportedly testing a new feature in the taskbar called “
I spend a lot of time searching Amazon listings. In addition to stand
