HC3 Sector Alert: CVE-2020-1147: .NET Framework, SharePoint Server

July 21, 2020

HC3 Sector Alert:  CVE-2020-1147: .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

On July 14, 2020, Microsoft released a patch for CVE-2020-1147. If left unpatched the vulnerability, which affects Microsoft SharePoint, .NET Framework, and Visual Studio, could allow an attacker to run arbitrary code. According to Microsoft, this type of vulnerability is historically exploited by attackers. To patch the vulnerability, the most recent software needs to be installed for the affected programs. This vulnerability should be carefully considered for patching by any healthcare organization with special consideration to the vulnerability criticality category against the risk management posture of the organization.

Related Resources

Guides/Reports
As a member of the Healthcare and Public Health Sector, you play a significant role in national security by protecting the nation and its economy from hazards…
Standards/Guidelines
Public
Agent Tesla is an established Remote Access Trojan (RAT) written in .Net. A successful deployment of Agent Tesla provides attackers with full computer or…
Webinar Recordings
Public
The U.S. Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) invites you to join its monthly cybersecurity…
AHA Center for Health Innovation Market Scan
Free Identity Protection In the spirit of helping front-line virus fighting organizations during these uncertain times, KII Consulting Inc., in partnership…
Advancing Health Podcast
In part two of this two-part podcast, two senior officials at the forefront of the ongoing duel with cybercriminals. DHS Under Secretary and Chief Intelligence…
Advancing Health Podcast
Public
In part one of this two-part podcast, you’ll hear from two senior officials at the forefront of the ongoing duel with cybercriminals. DHS Under Secretary and…