Follow me on Twitter @AntonioMaio2

Saturday, March 12, 2016

Vulnerability: SharePoint 2010 and 2013 - Security Bulletin MS16-029 IMPORTANT - Mar 2016 CU

This week Microsoft released an important security bulletin related to vulnerabilities in Microsoft SharePoint 2010 and 2013, as well as Microsoft Office versions 2007, 2010, 2013, 2013RT, 2016 and 2011 & 2016 for Mac.  Full details on the vulnerabilities can be found here: https://technet.microsoft.com/en-us/library/security/ms16-029.

The following services within the listed versions of SharePoint are specifically affected:

1. Microsoft SharePoint 2010
    • Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2


    2. Microsoft SharePoint 2013
      • Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1


      3. Microsoft Office Web Apps Server 2010 Service Pack 2
      • Microsoft Office Web Apps 2010 Service Pack 2

        4. Microsoft Office Web Apps Server 2013 Service Pack 1
        • Microsoft Web Apps Server 2013 Service Pack 1

        Background Summary (from Microsoft's Bulletin)

          Full details on the vulnerabilities can be found here: https://technet.microsoft.com/en-us/library/security/ms16-029. According to the official Microsoft Bulletin the following is a summary of the vulnerability:

          The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

          A security feature bypass vulnerability exists in Microsoft Office software due to an invalidly signed binary. An attacker who successfully exploited the vulnerability could use a similarly configured binary to host malicious code. A defender would then not be able to rely on a valid binary signature to differentiate between a known good and a malicious binary. To successfully exploit this vulnerability, an attacker would have to have write access to the target location that contains the invalidly signed binary. The attacker could then overwrite the original file with their own malicious file and wait for an application, or user, to trigger the malicious binary.

          The security updates provided by Microsoft address the vulnerabilities by:
          • Providing a validly signed binary
          • Correcting how Office handles objects in memory

          Security Resources



          • WORKAROUND: There is a workaround available for the Microsoft Office Memory Corruption Vulnerability.  Details of the workaround involve disabling the OLE Package function in Outlook and available at the Microsoft link provided.  The workaround would likely only assist with protecting Microsoft Office installations on desktops and not SharePoint installations from this vulnerability.

          • REPORTED EXPLOITS: According to Microsoft, at this time there are no reported exploits that have occurred using these vulnerabilities.

          Additional details regarding the SharePoint related vulnerabilities are available at the National Vulnerability Database at the following links: