The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently flagged a critical security flaw impacting the Microsoft SharePoint Server, escalating it to the Known Exploited Vulnerabilities (KEV) list. This move comes in response to compelling evidence indicating ongoing exploitation of this vulnerability in the wild against the Microsoft Sharepoint Server, underlining the severity and urgency of the situation.
The vulnerability, identified by the tracking number CVE-2023-24955 and carrying a CVSS score of 7.2, poses a considerable risk. It enables an authenticated attacker possessing Site Owner privileges to execute arbitrary code, amplifying the potential impact of exploitation.
According to an advisory issued by Microsoft, “In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.” Microsoft patched the vulnerability as part of the Patch Tuesday updates released for May 2023.
The new development emerges over two months following the inclusion of CVE-2023-29357 by the Computer Security Institute (CISA) in their KEV catalogue. This SharePoint Vulnerability, identified in the Server, facilitates privilege escalation.
During the Pwn2Own Vancouver hacking competition that took place in the previous year, StarLabs SG demonstrated an exploit chain that included CVE-2023-29357 and CVE-2023-24955. This exploit chain earned the researchers a prize of $100,000. It’s worth noting that this exploit chain was actively demonstrated.
There is currently no information on the attacks weaponizing these two vulnerabilities and the threat actors that may be exploiting them.
Microsoft, in an earlier statement, stated that “customers who have enabled automatic updates and enabled the ‘Receive updates for other Microsoft products’ option within their Windows Update settings are already protected.”
In order to protect their networks from active attacks, entities that fall under the jurisdiction of the Federal Civilian Executive Branch (FCEB) are obligated to implement the solutions by the 16th of April in 2024.
In conclusion, identifying and promptly mitigating this SharePoint Vulnerability is critical in ensuring the security of organizational networks. With the emergence of exploits in events like Pwn2Own Vancouver and ongoing threats in the cyber landscape, it is imperative for entities, especially those under the Federal Civilian Executive Branch, to stay vigilant and adhere to recommended security measures. By promptly implementing necessary patches and updates, organizations can significantly mitigate the risk posed by such vulnerabilities and safeguard their networks against potential cyber threats.
SOURCE:
CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (thehackernews.com)
Contact us if you have any questions or concerns.