MS14-050 Critical Vulnerability in SharePoint 2013

MS14-050 Critical Vulnerability in SharePoint 2013

V: 1.2

Recently Microsoft Security Bulletin MS14-050 has been released as Critical. It applies to following products:
  • Sharepoint Server 2013 (with or without SP1)
  • Sharepoint Foundation 2013 (with or without SP1)

Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating: Important

This security update may require reboot. 
This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.
Microsoft Security Bulletin MS14-050 – August 2014

MS Knowledge Base Articles
MS14-050: Vulnerability in Microsoft SharePoint Server could allow elevation of privilege: August 12, 2014

MS14-050: Description of the security update for SharePoint Services: August 12, 2014

Common Vulnerabilities and Exposures

NIST National Vulnerability Database – Vulnerability Summary for CVE-2014-2816
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2816

Updates Replaces by this update – MS14-022

Download MS14-050 – Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2880994)

Mitigating Factors
No mitigating factors have been identified.

Workaround:
For SharePoint instances, evaluate and remove apps as appropriate. Install new apps from trusted sources only.

Security Tools:

Leave a Reply

Enter the CAPTCHA * Time limit is exhausted. Please reload CAPTCHA.