Microsoft Security Bulletin MS15-047 - Important

Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (3058083)

Published: May 12, 2015

Version: 1.0

Executive Summary

This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.

This security update is rated Important for supported editions of Microsoft SharePoint Server 2007, Microsoft SharePoint Server 2010, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013, and Microsoft SharePoint Foundation 2013. For more information, see the Affected Software section.

The security update addresses the vulnerabilities by correcting how SharePoint Server sanitizes specially crafted page content. For more information about the vulnerabilities, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3058083.

Affected Software

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Microsoft Server Software

Microsoft SharePoint Server Component Maximum Security Impact Aggregate Severity Rating Updates Replaced
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
(2760412)
Not applicable Remote Code Execution Important 2687405 in MS12-066
Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)
(2760412)
Not applicable Remote Code Execution Important 2687405 in MS12-066
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 Service Pack 2 Microsoft SharePoint Foundation 2010 Service Pack 2
(3017815)
Remote Code Execution Important 2956208 in MS15-022
Microsoft SharePoint Server 2010 Service Pack 2
(2956192)
Not applicable Remote Code Execution Important 2837598 in MS15-022
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 Service Pack 1 Microsoft SharePoint Foundation 2013 Service Pack 1
(3054792)
Remote Code Execution Important 2956175 in MS15-022

Update FAQ

Why are some of the update files listed in this bulletin also denoted in other bulletins being released in May?
Several of the update files listed in this bulletin are also denoted in other bulletins being released in May due to overlaps in affected software. Although the different bulletins address separate security vulnerabilities, the security updates have been consolidated where possible and appropriate. Therefore some identical update files are present in multiple bulletins.

Note that identical update files being released with multiple bulletins do not need to be installed more than once.

There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software?
Yes. Customers should apply all updates offered for the software installed on their systems.

Severity Ratings and Vulnerability Identifiers

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the May bulletin summary.

Microsoft Server Software

Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Affected Software Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700 Aggregate Severity Rating
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
(2760412)
Important
Remote Code Execution
Important
Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)
(2760412)
Important
Remote Code Execution
Important
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010 Service Pack 2
(3017815)
Important
Remote Code Execution
Important
Microsoft SharePoint Server 2010 Service Pack 2
(2956192)
Important
Remote Code Execution
Important
Microsoft SharePoint Server 2013
Microsoft SharePoint Foundation 2013 Service Pack 1
(3054792)
Important
Remote Code Execution
Important

Vulnerability Information

Microsoft SharePoint Page Content Vulnerabilities – CVE-2015-1700

Remote code execution vulnerabilities exist when SharePoint Server improperly sanitizes specially crafted page content. An authenticated attacker could attempt to exploit these vulnerabilities by sending specially crafted page content to a SharePoint server. The attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site. Systems that are running an affected version of SharePoint Server are primarily at risk.

The security update addresses the vulnerabilities by correcting how SharePoint Server sanitizes specially crafted page content.

Microsoft received information about the vulnerabilities through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that these vulnerabilities had been publicly used to attack customers.

To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2015-1700.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

  • To exploit this vulnerability, an attacker must be able to authenticate on the target SharePoint site. Note that this is not a mitigating factor if the SharePoint site is configured to allow anonymous users to access the site. By default, anonymous access is not enabled.

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

FAQ

Why is a single CVE Identifier assigned to multiple vulnerabilities?
Although the vulnerabilities are in different components of Microsoft SharePoint Server, they all share the same underlying issue and related code. The vulnerabilities are grouped into a single CVE Identifier that represents the underlying issue.

Security Update Deployment

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (May 12, 2015): Bulletin published.

Page generated 2015-05-06 11:03Z-07:00.