Share this Tech Tip!

CVE-2019-1491 | Microsoft SharePoint Server Information Disclosure Vulnerability

The Microsoft Security Response Team has identified an Important security vulnerability. This vulnerability potentially allows an attacker to send a specifically crafted request to a susceptible SharePoint system which would allow the attacker to read from the filesystem. Since this vulnerability has not been exploited, the specifics of the vulnerability have not been publicly disclosed. This vulnerability impacts SharePoint 2019, 2016, 2013 and 2010. It can be remediated with a Microsoft Security update. For further information, refer to the following:

 

Product 

Article

Download

Microsoft SharePoint Enterprise Server 2016

4484143

Security Update

Microsoft SharePoint Foundation 2010 Service Pack 2

4484165

Security Update

Microsoft SharePoint Foundation 2013 Service Pack 1

4484157

Security Update

Microsoft SharePoint Server 2019

4484142

Security Update

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1491#ID0EWIAC

 

For assistance remediating this issue, please contact ZAACT HERE.

 

Author: Jason Thornbrugh, Cloud Architect
Jason is an IT Infrastructure Specialist who has been working in IT system design, security and infrastructure roles for 20+ years. He holds multiple industry certifications in virtual infrastructure and private cloud. Jason has developed massively scalable infrastructure supporting sales, marketing and engineering workloads for a Fortune 20 company. He has a passion for developing systems at scale that satisfy a diverse set of customer requirements while providing scalability, availability, security and performance.