The update repairs vulnerabilities that could lead to very effective phishing messages.

Dark Reading Staff, Dark Reading

December 19, 2019

1 Min Read

Microsoft has released an out-of-cycle update for SharePoint to close previously undisclosed vulnerabilities. The vulnerabilities, CVE-2019-1442 and CVE-2019-1443, could allow an attacker to upload specially crafted files that would bypass validation and security to request credentials from the recipient. In both cases, the result would be an especially effective phishing campaign because the messages would come from within the victim's organization.

The update also includes fixes for a number of non-security issues, including malformed and misdisplayed HTTP message components and misleading date information that could result from certain document creation sequences.

For more, read here and here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How to Manage API Security."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights