MS14-050 Critical Vulnerability in SharePoint 2013
V: 1.2
Microsoft Security Bulletin MS14-050 has recently been released as Critical. It applies to the following products:
- SharePoint Server 2013 (with or without SP1)
- SharePoint Foundation 2013 (with or without SP1)
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating: Important
This security update may require a reboot.
This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.
Microsoft Security Bulletin MS14-050 – August 2014
MS Knowledge Base Articles
MS14-050: Vulnerability in Microsoft SharePoint Server could allow elevation of privilege: August 12, 2014
MS14-050: Description of the security update for SharePoint Services: August 12, 2014
Common Vulnerabilities and Exposures
NIST National Vulnerability Database – Vulnerability Summary for CVE-2014-2816
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2816
Updates Replaced by this Update – MS14-022
Download MS14-050 – Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2880994)
Mitigating Factors
No mitigating factors have been identified.
Workaround:
For SharePoint instances, evaluate and remove apps as appropriate. Install new apps from trusted sources only.
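To support the app review described in the workaround, the following script inventories every installed app instance in the farm together with the source it was installed from. It is an added example, not part of the Microsoft bulletin or the original post; it assumes the SharePoint 2013 Management Shell run as a farm administrator, and the CSV file name is hypothetical.

```powershell
# Added example: list all app instances in the farm so they can be reviewed.
# Assumes the SharePoint 2013 Management Shell and farm administrator rights.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$report = foreach ($site in Get-SPSite -Limit All) {
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Get-SPAppInstance returns the apps installed on this web only.
                foreach ($instance in Get-SPAppInstance -Web $web) {
                    [pscustomobject]@{
                        WebUrl     = $web.Url
                        Title      = $instance.Title
                        Status     = $instance.Status
                        # Where the package came from: Marketplace,
                        # CorporateCatalog, DeveloperSite, ObjectModel, ...
                        Source     = $instance.App.Source
                        ProductId  = $instance.App.ProductId
                        InstanceId = $instance.Id
                    }
                }
            }
            finally { $web.Dispose() }
        }
    }
    finally { $site.Dispose() }
}

# Group by source so apps that did not come from the corporate catalog
# or the Office Store stand out during review.
$report | Sort-Object Source, WebUrl, Title | Format-Table -AutoSize

# Keep a record of the review (hypothetical file name).
$report | Export-Csv -Path .\sp-app-inventory.csv -NoTypeInformation

# After review, remove an app that should not be present, for example:
#   $web  = Get-SPWeb "<web URL from the report>"
#   $inst = Get-SPAppInstance -Web $web |
#           Where-Object { $_.Id -eq "<InstanceId from the report>" }
#   Uninstall-SPAppInstance -Identity $inst -Confirm
```

The removal commands are left commented out so that running the script only reports; uninstall individual instances after each one has been evaluated.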
Security Tools: