CVE-2020-0932: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0932) exists in Microsoft SharePoint when the software fails to check the source markup of an application package. The vulnerability was disclosed and patched as part of Microsoft's April 2020 security updates. The affected systems include SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, and SharePoint Server 2019 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is related to unrestricted upload of files with dangerous types (CWE-434) (NVD).

If successfully exploited, this vulnerability allows an attacker to execute arbitrary code in the context of the SharePoint application pool and SharePoint server farm account. The high CVSS score indicates that successful exploitation could lead to complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

Microsoft released security updates to address this vulnerability in April 2020. The fixes are available through Microsoft Update, Microsoft Update Catalog, and Microsoft Download Center. For SharePoint Server 2019, the update is KB4484292, and for SharePoint Enterprise Server 2016, the update is KB4484299 (Microsoft Support).

The vulnerability gained attention in the security community, with the Zero Day Initiative publishing a detailed analysis of the vulnerability, specifically focusing on how it could be exploited using TypeConverters (ZDI Blog).