The SharePoint Server 2019 exposes multiple potentially vulnerable paths, i.e., _vti_inf.html, _layouts, and _vti_bin

Sai Charan GS 85 Reputation points
2025-01-23T10:27:23.69+00:00

Hi,
I have learned that sensitive web directories with vulnerabilities are exposed in my SharePoint Server 2019 for the respective paths "_vti_inf.html", "_layouts", and "_vti_bin".

  1. _vti_inf.html: A legacy file from Microsoft FrontPage Server Extensions, which can leak server metadata and configuration details.
  2. _layouts: A SharePoint administrative folder that may allow unauthorized access or serve as an entry point for attacks like path traversal or XSS.
  3. _vti_bin: A virtual directory in SharePoint exposing web service endpoints, which attackers can misuse for reconnaissance, unauthorized access, or privilege escalation.

Could you please suggest a best practice to protect my server from this and provide me the best answer?
I feel that restricting access to "_vti_inf", "_layouts", and "_vti_bin" from the open internet,
and also internally applying the principle of least privilege to limit access, would be best. Is that right?
If so, kindly provide me the steps.
I will be waiting for the best practical answer that accurately solves my issue.

Thank you in advance,
Sai Charan GS.
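The restriction proposed in the question can be applied at the IIS layer of the Internet-facing zone. The script below is an added example and is not part of the original thread or of Microsoft's guidance; it assumes a SharePoint Server 2019 farm whose web application has been extended to an "Internet" zone, that it is run in the SharePoint Management Shell as a farm administrator on a web front end, and that the web application URL is a placeholder to be replaced. Note the asymmetry it encodes: `_vti_inf.html` is a legacy FrontPage artifact and can be hidden outright, but `_layouts` and `_vti_bin` are what SharePoint's own UI, REST and SOAP clients run on, so blocking them wholesale breaks the product; the control for those is authentication on the zone, which the script checks rather than changes.

```powershell
# Added example (not from the original thread). Assumptions: SharePoint 2019,
# an "Internet" zone exists on the web application, and this runs in the
# SharePoint Management Shell as a farm admin on a web front end.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
Import-Module WebAdministration

$webAppUrl = 'https://intranet.contoso.local'   # placeholder: your web application's Default zone URL
$zone      = [Microsoft.SharePoint.Administration.SPUrlZone]::Internet

$wa = Get-SPWebApplication $webAppUrl
if (-not $wa.IisSettings.ContainsKey($zone)) { throw "Web application has no $zone zone" }
$iis      = $wa.IisSettings[$zone]
$siteName = $iis.ServerComment            # name of the IIS site that serves the Internet zone

# 1. Hide the legacy FrontPage file on the Internet-facing IIS site only.
#    A hidden segment is answered with 404 by Request Filtering before the
#    request ever reaches SharePoint, for any depth (/_vti_inf.html, /sites/x/_vti_inf.html).
$filter   = 'system.webServer/security/requestFiltering/hiddenSegments'
$existing = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$siteName" -Filter $filter -Name 'Collection'
if (-not ($existing | Where-Object { $_.segment -eq '_vti_inf.html' })) {
    Add-WebConfigurationProperty -PSPath "IIS:\Sites\$siteName" -Filter $filter -Name '.' -Value @{ segment = '_vti_inf.html' }
    "Hidden segment '_vti_inf.html' added to IIS site '$siteName'"
}

# 2. _layouts and _vti_bin must remain reachable or SharePoint stops working
#    (page chrome, settings pages, REST/CSOM, Office clients all live there).
#    The control for them is authentication on the zone, not a path block.
if ($iis.AllowAnonymous) {
    Write-Warning "Anonymous access is enabled on the $zone zone of $webAppUrl; disable it under Central Administration > Authentication Providers unless the site is intentionally public."
}

# 3. Verify from the public URL of the zone. Expected after the change:
#    _vti_inf.html -> 404; the other two -> 401 (Windows auth) or a 302 to the
#    sign-in page (forms/SAML), never 200 for an unauthenticated client.
function Test-SharePointPath {
    param([string]$BaseUrl, [string]$Path)
    try {
        $r = Invoke-WebRequest -Uri "$BaseUrl/$Path" -UseBasicParsing -MaximumRedirection 0 -ErrorAction Stop
        return [int]$r.StatusCode
    } catch {
        $resp = $_.Exception.Response
        if ($resp) { return [int]$resp.StatusCode }
        return -1   # no HTTP response at all (DNS, TLS, connection refused)
    }
}

$publicUrl = $wa.GetResponseUri($zone).AbsoluteUri.TrimEnd('/')
foreach ($p in '_vti_inf.html', '_layouts/15/settings.aspx', '_vti_bin/lists.asmx') {
    '{0,-28} HTTP {1}' -f $p, (Test-SharePointPath -BaseUrl $publicUrl -Path $p)
}
```

The hidden-segment entry is written to applicationHost.config of the server it runs on, not to the SharePoint configuration database, so it has to be applied on every web front end that serves the Internet zone and re-applied if that zone is ever removed and re-extended.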


1 answer

  1. RaytheonXie_MSFT 38,036 Reputation points Microsoft Vendor
    2025-01-24T06:56:56.5066667+00:00

    Hi @Sai Charan GS,

    Implementing least-privileged administration in SharePoint Server involves several key strategies to enhance security and control access effectively:

    1. Principle of Least Privilege: Assign permissions at the most granular level possible. Users should only have the minimum permissions necessary to perform their tasks.
    2. Role-Based Access Control (RBAC): Define roles based on job functions or responsibilities. Assign permissions to these roles rather than individual users to simplify management and ensure consistency.
    3. Permissions Inheritance: Utilize SharePoint's inheritance model where appropriate. This means granting permissions at the site collection level and allowing them to flow down to subsites and individual items, reducing the need for explicit permissions at lower levels.

    You could refer to the following document:

    https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-least-privileged-administration


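The three points in the answer (minimum permissions, permissions through groups rather than individual users, and reliance on inheritance) are easiest to enforce if you can see where a site collection departs from them. The script below is an added example, not from the answer or from Microsoft's documentation; it assumes SharePoint Server 2019, the SharePoint Management Shell running as a farm administrator, a placeholder site collection URL, and the out-of-box permission level names. It reports every web that has broken inheritance together with any principal holding a high-privilege level there, flagging direct user grants that bypass the group model.

```powershell
# Added example (not from the answer above). Assumptions: SharePoint 2019
# Management Shell as farm admin; site collection URL is a placeholder;
# default permission level names ('Full Control', 'Design', 'Manage Hierarchy').
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-SPPrivilegeReport {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [string[]]$HighPrivilege = @('Full Control', 'Design', 'Manage Hierarchy')
    )
    $site = Get-SPSite $SiteUrl
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Webs that inherit have no assignments of their own; only
                # webs with unique permissions can drift from the parent.
                if (-not $web.HasUniqueRoleAssignments) { continue }

                # Lists with their own permissions are a second, often forgotten, layer.
                $uniqueLists = @($web.Lists | Where-Object { $_.HasUniqueRoleAssignments }).Count

                foreach ($ra in $web.RoleAssignments) {
                    $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name })
                    $hits   = @($levels | Where-Object { $HighPrivilege -contains $_ })
                    if ($hits.Count -eq 0) { continue }
                    [pscustomobject]@{
                        Web         = $web.Url
                        Principal   = $ra.Member.Name
                        # A grant to an SPUser (not an SPGroup) is a direct user
                        # assignment, i.e. the thing the RBAC point says to avoid.
                        DirectUser  = ($ra.Member -is [Microsoft.SharePoint.SPUser])
                        Levels      = ($hits -join ', ')
                        UniqueLists = $uniqueLists
                    }
                }
            } finally { $web.Dispose() }
        }
    } finally { $site.Dispose() }
}

# Remediation pattern for a flagged direct grant: put the user in the web's
# existing group and remove the direct assignment so the group is the only path.
function Move-SPDirectGrantToGroup {
    param(
        [Parameter(Mandatory)][string]$WebUrl,
        [Parameter(Mandatory)][string]$UserAlias,   # e.g. 'CONTOSO\jdoe' (placeholder)
        [Parameter(Mandatory)][string]$GroupName    # e.g. 'Project Members' (placeholder)
    )
    $web = Get-SPWeb $WebUrl
    try {
        New-SPUser -UserAlias $UserAlias -Web $WebUrl -Group $GroupName | Out-Null
        $user = $web.EnsureUser($UserAlias)
        $web.RoleAssignments.Remove($user)    # drops the direct grant; group membership remains
    } finally { $web.Dispose() }
}

# Usage (placeholder URL):
Get-SPPrivilegeReport -SiteUrl 'https://intranet.contoso.local/sites/projects' | Format-Table -AutoSize
```

Run the report before and after a clean-up: each row that disappears because a web went back to inheriting (`$web.ResetRoleInheritance()`) or because a user moved into a group is one fewer place where permissions have to be reviewed by hand.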

