The Cyber Security Authority (CSA) raises awareness of a new remote code execution vulnerability (CVE-2020-16952) affecting Microsoft SharePoint. Successful exploitation of this vulnerability would allow an attacker to run arbitrary code and carry out security actions in the context of the local administrator on affected installations of the SharePoint server.

The CSA always recommends applying security updates promptly to mitigate the exploitation of all vulnerabilities.

The CSA is issuing this alert to ensure that system owners are aware of this vulnerability and ensure remediation actions are taken.

Details of Vulnerability

The vulnerability is caused by a validation issue in user-supplied data.

This vulnerability can be exploited when a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. This affects versions:

  • Microsoft SharePoint Foundation 2013 Service Pack
  • Microsoft SharePoint Enterprise Server 2016.
  • Microsoft SharePoint Server 2019
  • SharePoint Online as part of Office 365 is not affected
  • The October 2020 SharePoint security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages


  • This vulnerability can be mitigated by ensuring that the relevant security updates are installed.
  • A variety of mitigations will be helpful in defending against this vulnerability.
  • Protect your devices and networks by keeping them up to date: use the latest supported versions, apply security updates promptly, use antivirus and scan regularly to guard against known malware threats.
  • Prevent and detect lateral movement in your organisation’s networks
  • Set up a security monitoring capability to collect the data that will be needed to analyse network intrusions.
  • Review and refresh your incident management processes.


The CSA strongly advises that organisations ensure the necessary updates are installed in affected SharePoint products.

The CSA generally recommends following vendor best practice advice in the mitigation of vulnerabilities. In this SharePoint vulnerability, it is important to install the latest updates as soon as it is released.