🇬🇧 English Version
TL;DR
A high-severity deserialization vulnerability (CVE-2026-45659) in Microsoft Office SharePoint allows an authenticated attacker to execute arbitrary code remotely. The vulnerability has a CVSS score of 8.8 and affects all supported versions of SharePoint. Immediate patching is recommended.
What Happened
Microsoft disclosed a vulnerability in SharePoint where untrusted data is deserialized without proper validation. An attacker with valid credentials can exploit this to execute code on the SharePoint server, potentially leading to full system compromise.
Technical Details
- CVE ID: CVE-2026-45659
- Weakness Type: CWE-502 (Deserialization of Untrusted Data)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low (authenticated user)
- User Interaction: None
- Impact: Confidentiality, Integrity, and Availability are all HIGH.
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact & Risk
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the SharePoint application pool. This could lead to data theft, malware installation, or lateral movement within the network. The vulnerability is rated HIGH with a score of 8.8.
Mitigation / Recommendations
- Apply the latest security updates from Microsoft as soon as possible.
- Restrict network access to SharePoint servers to trusted users and systems.
- Monitor for unusual activity on SharePoint servers.
- If patching is delayed, consider additional network segmentation and access controls.
References
🇹🇭 Thai Version
No Thai-language content.
📋 Reference Information
| Item | Value |
|---|---|
| Severity | 🟠 High |
| Source | # |
| Publication Date | 2026-06-03 |
| Original Language | en |
📌 This article was generated by AI. Please review it before publishing.