Microsoft SharePoint Server vulnerability could allow information disclosure
Report ID: MS201304003
Date Published: 10 April 2013
Criticality: Important
Compromise Type: information-disclosure
Compromise From: remote
Affected Product/Component:
Microsoft SharePoint Server 2013 (coreserverloc)
Summary
A vulnerability in Microsoft SharePoint Server could lead to information disclosure, where the attacker could be able to access sensitive documents.
Detailed Description
Microsoft has released a security update to address an information disclosure vulnerability that was reported found in the SharePoint Server. The vulnerability was caused by the way that SharePoint applies access controls to a list. If successfully exploited, an attacker could be able to access sensitive documents.
This issue has beed resolved by making a correction on the way that default access control are applied to the SharePoint list. Users are recommended to install the latest update as a protection measure against possible exploit attempts.
CVE Reference
CVE-2013-1290
Solution
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-030)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.
