Microsoft SharePoint Servers Actively Targeted By Hackers

Attackers are actively exploiting recently patched remote code execution vulnerabilities in Microsoft SharePoint to inject the China Chopper web shell, which allows them to inject various commands.

Canadian and Saudi Arabian cybersecurity agencies raised awareness about the ongoing attacks targeting outdated systems.

The vulnerability affects all versions from SharePoint Server 2010 to SharePoint Server 2019 and is tracked as CVE-2019-0604. Microsoft patched it in February, releasing security updates on March 12 and again on April 25.

“An attacker who exploits the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. The exploitation of this vulnerability requires a specially crafted SharePoint application package.”

In this case, the attackers used the China Chopper web shell to remotely access the compromised server, issue commands and manage files on it.

The web shell allows an attacker to upload and download any files from the compromised server and to edit, delete, copy, rename and even to change the timestamp of existing files.
