CVE-2020-1147: 
vulnerability analysis and mitigation

CVE-2020-1147 is a remote code execution vulnerability that affects Microsoft .NET Framework, SharePoint Server, and Visual Studio. The vulnerability was disclosed on July 14, 2020, and occurs when the software fails to check the source markup of XML file input. This vulnerability impacts multiple versions of Microsoft products including SharePoint Enterprise Server, SharePoint Server, Visual Studio 2017/2019, and various versions of the .NET Framework (NVD).

The vulnerability has a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability exists in the way the affected software handles the deserialization of XML content. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the process responsible for XML deserialization. This could potentially lead to unauthorized access, data compromise, and system control, particularly affecting organizations using SharePoint Server, .NET Framework, or Visual Studio (NVD).

Microsoft has released security updates that address the vulnerability by correcting how .NET Framework, SharePoint Server, and Visual Studio validate the source markup of XML content. Organizations are advised to apply the appropriate security patches based on their installed software versions (MSRC).