A security researcher discovered a new approach to stage remote code execution (RCE) attacks using a newly patched deserialization issue in Microsoft SharePoint.
To send complicated objects to servers and between processes, several languages employ serialisation and deserialization. If the deserialization process is vulnerable, an adversary can use it to submit malicious objects to the server and have them run. Read More…