Stopping SharePoint’s CVE-2019-0604

On May 11th, 2019, Microsoft's SharePoint server (versions 2010 through 2019) was found to have a critical web vulnerability, CVE-2019-0604. This Remote Code Execution vulnerability allowed advanced persistent threats (APTs) to exploit it and take control of servers. The Canadian Centre for Cyber Security and Saudi Arabia's National Center issued alerts about this threat. A firewall rule was deployed by Cloudflare on the same day, allowing analysis of traffic before making a decision on default action. On May 13th, an immediate rule release was made to block malicious traffic for all customers. The vulnerability was found to be critical due to its potential impact on major software ecosystems and lack of stable patch from Microsoft at the time.