SharePoint Reflected Cross-Site Scripting (CVE-2017-8514)
Description
Microsoft SharePoint Enterprise Server 2016 contains a reflected cross-site scripting (XSS) vulnerability due to improper input validation and sanitization of user-supplied data in specially crafted requests. When malicious input is reflected back to users without proper encoding, attackers can inject and execute arbitrary JavaScript code in the context of the victim's browser session.
Remediation
Apply the security updates provided by Microsoft to remediate this vulnerability:
1. Immediate Action: Install the security update for Microsoft SharePoint Enterprise Server 2016 as described in Microsoft Security Advisory CVE-2017-8514
2. Verify Patch Installation: After applying updates, confirm the patch version through SharePoint Central Administration or by checking the installed update history
3. Review Configurations: Ensure that SharePoint's built-in XSS protection features are enabled and not disabled by custom configurations
4. Implement Defense-in-Depth: Deploy Content Security Policy (CSP) headers to mitigate XSS risks even if new vulnerabilities are discovered
5. User Awareness: Train users to recognize and report suspicious links, especially those containing unusual parameters or encoded characters
6. Monitor for Exploitation: Review SharePoint logs for suspicious requests containing script tags, JavaScript event handlers, or encoded payloads
For organizations unable to immediately patch, consider implementing Web Application Firewall (WAF) rules to filter malicious requests as a temporary mitigation measure.