Microsoft has released an out-of-cycle update for SharePoint to close previously undisclosed vulnerabilities. The vulnerabilities, CVE-2019-1442 and CVE-2019-1443, could allow an attacker to upload specially crafted files that would bypass validation and security to request credentials from the recipient. In both cases, the result would be an especially effective phishing campaign because the messages would come from within the victim's organization.
The update also includes fixes for a number of non-security issues, including malformed and misdisplayed HTTP message components and misleading date information that could result from certain document creation sequences.
