FILE-OTHER Microsoft SharePoint deserialization attempt
This event is generated when an attempt is made to perform an unsafe deserialization function against a Microsoft SharePoint application.
Remote Code Execution
Microsoft SharePoint suffers from an unsafe deserialization vulnerability that could allow malicious users the ability run unauthorized code on a server. To take advantage of this vulnerability the malicious user must have credentials to the system that allow them the ability to make changes and upload BCD model files on the system.
- Microsoft SharePoint 2016
Ease of attack
Apply recommended patches and/or updates to the system.
- Cisco Talos Intelligence Group