Security Update for Microsoft SharePoint Server 2016 (December 2017)

high Nessus Plugin ID 105190

Synopsis

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update.

Description

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.
(CVE-2017-11936)

Solution

Microsoft has released security update KB4011576 to address this issue.

See Also

http://www.nessus.org/u?5f43e5cb

Plugin Details

Severity: High

ID: 105190

File Name: smb_nt_ms17_dec_office_sharepoint.nasl

Version: 1.13

Type: local

Agent: windows

Published: 12/12/2017

Updated: 6/6/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2017-11936

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:project_server, cpe:/a:microsoft:sharepoint_server:2016, cpe:/a:microsoft:office, cpe:/a:microsoft:sharepoint_foundation

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 12/12/2017

Vulnerability Publication Date: 12/12/2017

Reference Information

CVE: CVE-2017-11936

BID: 102068

IAVA: 2017-A-0363-S

MSFT: MS17-4011576

MSKB: 4011576