• Home
  • |
  • Blog
  • |
  • How to Fix CVE-2022-35823- A Remote Code Execution Vulnerability in Microsoft SharePoint
How to Fix CVE-2022-35823- A Remote Code Execution Vulnerability in Microsoft SharePoint

With the onset of a Remote Code Execution vulnerability CVE-2022-35823, the integrity and confidentiality of businesses are at stake. Since this  recently shared vulnerability (on 09/13/2022), is classified as critical to the affected installations of Microsoft SharePoint, it is vital to know how to fix CVE-2022-35823, a Remote Code Execution vulnerability in Microsoft SharePoint. 

A remote authenticated attacker can run arbitrary code on the business products/system. This specially-crafted request can disclose all business information and content to the attacker.

Considering these serious effects of the attacks on business products, SharePoint published the possible way to fix this vulnerability. Applying/downloading security patches can reduce the severity of attacks and even eliminate the problem of CVE-2022-35823 exploit. 

This article will show you how to fix CVE-2022-35823, a Remote Code Execution vulnerability in Microsoft SharePoint.

A Short Note About Microsoft SharePoint

Microsoft Sharepoint is a web-based collaborative platform that allows users to share and manage documents, data, and information. It enables businesses to create websites and portals to share information and collaborate on projects. Sharepoint also provides enterprise content management capabilities, such as document management, records management, and search.

SharePoint is available in on-premises and cloud-based versions. The on-premises version is installed on a company’s own servers, while the cloud-based version is hosted by Microsoft.

SharePoint has been around since 2001 and is used by organizations of all sizes. It is estimated that there are over 190 million Sharepoint users worldwide.

Microsoft SharePoint is a versatile platform that can be used for a variety of purposes. Some common uses of Sharepoint include:

– Creating websites and portals

– Sharing documents and data

– Collaborating on projects

– Managing documents and records

– Searching for information

SharePoint provides many benefits to organizations, such as increased productivity, improved collaboration, and better information management. If you are looking for a way to improve your business operations, Sharepoint may be the right solution for you.

Summary of CVE-2022-35823:

This is a remote code execution vulnerability in SharePoint application. According to the research team, this flaw allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint. A remote attacker requires authentication and should have access to create a page on the SharePoint to exploit the vulnerability and runs an arbitrary code on the affected installations.

The specific flaw exists within the handling of custom workflows. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the web service account.
-ZDI
Associated CVE IDCVE-2022-35823
DescriptionA Remote Code Execution Vulnerability in Microsoft SharePoint
Associated ZDI ID
CVSS Score8.1 High
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)None
User Interaction (UI)None
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)None
This Table Is Created in Evernote By the Author

Microsoft SharePoint Versions Affected by CVE-2022-35823 RCE Vulnerability

Below is the list of versions that are affected by CVE-2022-35823 Remote Code Execution Vulnerability in Microsoft SharePoint; 

ProductImpactMax SeverityDownload
Microsoft SharePoint Foundation 2013 Service Pack 1Remote Code ExecutionImportantSecurity Update
Microsoft SharePoint Enterprise Server 2016Remote Code ExecutionImportantSecurity Update
Microsoft SharePoint Server Subscription EditionRemote Code ExecutionImportantSecurity Update
Microsoft SharePoint Server 2019Remote Code ExecutionImportantSecurity Update
Microsoft SharePoint Enterprise Server 2013 Service Pack 1Remote Code ExecutionImportantCumulative Update Security Update
This Table Is Created in Evernote By the Author

How to Fix CVE-2022-35823- A Remote Code Execution Vulnerability in Microsoft SharePoint?

Microsoft has released the security patches to fix the CVE-2022-35823 flaw. Please apply these patches from Microsoft’s security advisory.

  1. KB5002267 – security update for SharePoint Foundation 2013
  2. KB5002271 – security update for SharePoint Server Subscription Edition
  3. KB5002258 – security update for SharePoint Server 2019
  4. KB5002264 – cumulative update for SharePoint Enterprise Server 2013
  5. KB5002267 – security update for SharePoint Foundation 2013
  6. KB5002269 – update for SharePoint Enterprise Server 2016

Different Ways to install the Update on Windows:

Image source: Microsoft

You can download the security patches directly form here:

  1. SharePoint Server Subscription Edition
  2. SharePoint Server 2019
  3. SharePoint Server 2016 (Feature Pack 1)
  4. SharePoint Server 2016 (Feature Pack 2)
  5. SharePoint Enterprise Server 2016
  6. SharePoint Server 2013 Service Pack 1
  7. SharePoint Foundation 2013

We hope this post will help you know how to fix CVE-2022-35823, a Remote Code Execution vulnerability in Microsoft SharePoint.. Please share this post if you find this interested. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.