CVE-2021-41344: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344) was disclosed on October 12, 2021. This vulnerability affects multiple versions of Microsoft SharePoint, including SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, and SharePoint Server 2019 (NVD).

The vulnerability exists within the handling of custom workflows in SharePoint Server. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. The vulnerability has received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (ZDI Advisory).

An attacker who successfully exploits this vulnerability can execute arbitrary code in the context of the web service account on affected installations of Microsoft SharePoint. The vulnerability requires authentication for exploitation and could lead to complete system compromise (ZDI Advisory).

Microsoft has released security updates to address this vulnerability. The fix was included in the October 2021 security updates. Organizations running affected versions of SharePoint should apply the security update KB5002029 for SharePoint Enterprise Server 2016 and corresponding updates for other affected versions (Microsoft Support).