MS14 081 Vulnerability in SharePoint

Version 1.0

Seems like this year has been really hard on Office Web Apps and Word Services within SharePoint 2010 / 2013 for security reasons.

Microsoft released another security bulletin that impacts:

Here is the security bulletin that is ranked as critical.

Microsoft Security Bulletin MS14-081 – Critical
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)

Following are the important resources on this issue.

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The vulnerability cannot be exploited automatically through email. For an attack to be successful a user must open an attachment that is sent in an email message.
In a web-based attack scenario, an attacker could host a website that contains a file that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s site, and then convince them to open the specially crafted file in an affected version of Microsoft Office software.

No workaround available so far.

Visit www.softvative.com for professional and Managed services for your SharePoint Farms.

Comments are closed.