Microsoft SharePoint Improper Privilege Management Vulnerability Allowing Elevation of Privilege

Vulnerability

A vulnerability has been identified in Microsoft Office SharePoint that involves improper privilege management. This issue allows an authorized attacker to elevate privileges locally. The vulnerability affects multiple versions of SharePoint, including the Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights and access sensitive information, including the ability to read certain load files.

Remediation

Users can apply the security updates available for their specific SharePoint version. For SharePoint Server 2019, security updates 5002708 and 5002706 should be installed. SharePoint Enterprise Server 2016 users should apply security updates 5002722 and 5002712. SharePoint Subscription Edition users can install security update 5002709.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 1.3
exploitability: 3.5
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.