Skip to main content

The ACSC is aware of malicious cyber actors successfully exploiting a Microsoft SharePoint vulnerability in order to implant web shells on compromised hosts.

Alert status

This vulnerability (CVE-2019-0604) was originally identified in a security advisory published by Microsoft on 12 February 2019. This security advisory was subsequently updated on 25 April 2019 with a new software patch. This ACSC advisory provides recommendations for securing Microsoft SharePoint and advice on identifying potential successful exploitation of this vulnerability.

Further details on this vulnerability are available from Microsoft.