CVE-2020-1025: Microsoft Office Elevation of Privilege Vulnerability

Overview

Severity

N/A

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Jul

Released

2020-07-14

Last Updated

2020-08-03

EPSS Score

13.80% (percentile: 94.3%)

Description

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

Affected Products (6)

Microsoft Office

• Skype for Business Server 2019 CU2
• Skype for Business Server 2015 CU 8
• Microsoft Lync Server 2013
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Foundation 2013 Service Pack 1

Security Updates (6)

• 4571332
• 4571333
• 4571334
• 4484436
• 4484453
• 4484448

Acknowledgments

Justin Hendricks (@script_happens) of Microsoft

Revision History

• 2020-07-14: Information published.
• 2020-08-03: Corrected security updates table. This is an informational update only.