CVE-2021-42309: 
vulnerability analysis and mitigation

Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-42309) was discovered and reported on September 3, 2021. This vulnerability affects Microsoft SharePoint Server installations and was publicly disclosed on January 14, 2022. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server, requiring authentication for exploitation (ZDI Advisory).

The vulnerability exists within the handling of server-side controls in SharePoint Server. The specific flaw occurs when an unsafe server-side control can be instantiated if it is specified as a child of a permitted control. The vulnerability has been assigned a CVSS score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating its high severity (ZDI Advisory).

When successfully exploited, this vulnerability enables attackers to execute code in the context of the service account on the affected SharePoint Server. Given the authentication requirement and the potential for code execution, this vulnerability poses a significant risk to affected systems (ZDI Advisory).

Microsoft released a security update to address this vulnerability in December 2021. The fix was included in KB5002045 for SharePoint Server Subscription Edition, along with several other security and non-security related improvements (Microsoft Support).