Microsoft SharePoint Path Traversal Vulnerability Allowing Spoofing

A path traversal vulnerability has been identified in Microsoft Office SharePoint, allowing an authorized attacker to perform spoofing over the network. This issue arises from improper limitations on file paths, enabling exploitation by manipulating directory access.

Impact

Exploitation of this vulnerability could lead to unauthorized spoofing attacks over the network.

Reproduction

The vulnerability can be reproduced by an authorized user who manipulates file paths to traverse directories, potentially leading to spoofing actions on the network.

Remediation

Microsoft has released a security update for SharePoint Subscription Edition. For SharePoint 2019 and 2016, security updates are in progress. In the meantime, users are advised to enable AMSI integration and deploy Defender AV on all SharePoint servers. After applying the update or enabling AMSI, it's recommended to rotate the SharePoint Server ASP.NET machine keys.