Attackers are actively exploiting a recently patched critical remote code execution vulnerability in SharePoint Server versions to install the China Chopper web shell, which lets them inject and issue many other commands.
Canadian and Saudi Arabian cyber-security agencies raised awareness about the ongoing attacks targeting outdated systems.
The vulnerability affects all versions from SharePoint Server 2010 through SharePoint Server 2019 and is tracked as CVE-2019-0604. Microsoft patched it in February and released security updates on March 12 and again on April 25.
"A person who exploits the vulnerability can run arbitrary code in the context of this SharePoint application pool and the SharePoint server account. The exploitation of this vulnerability requires a specially crafted SharePoint application bundle."
In this case, the attackers used the China Chopper web shell to access the compromised servers remotely, issue commands, and manage files on the victim host.
The web shell lets its operator upload and download any files from the compromised server and edit, delete, copy, rename, and even change the timestamp of existing files.
Based on research conducted by the cybersecurity agencies, the targeted organizations are in the academic, utility, heavy industry, technology, and manufacturing sectors.
Organizations running SharePoint servers are advised to update the servers to address the vulnerability.
Indicators of compromise