The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently flagged a critical security flaw impacting the Microsoft SharePoint Server, escalating it to the Known Exploited Vulnerabilities (KEV) list. This move comes in response to compelling evidence indicating ongoing exploitation of this vulnerability in the wild against the Microsoft Sharepoint Server, underlining the severity and urgency of the situation.
The vulnerability, identified by the tracking number CVE-2023-24955 and carrying a CVSS score of 7.2, poses a considerable risk. It enables an authenticated attacker possessing Site Owner privileges to execute arbitrary code, amplifying the potential impact of exploitation.
Microsoft Reveals Russian Hackers Accessed Customer Secrets And Source Code
According to an advisory issued by Microsoft, “In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.” Microsoft patched the vulnerability as part of the Patch Tuesday updates released for May 2023.
The new development emerges over two months following the inclusion of CVE-2023-29357 by the Computer Security Institute (CISA) in their KEV catalogue. This SharePoint Vulnerability, identified in the Server, facilitates privilege escalation.
During the Pwn2Own Vancouver hacking competition that took place in the previous year, StarLabs SG demonstrated an exploit chain that included CVE-2023-29357 and CVE-2023-24955. This exploit chain earned the researchers a prize of $100,000. It’s worth noting that this exploit chain was actively demonstrated.
At this time, there is no information available on the assaults that are weaponizing these two vulnerabilities, nor is there any information regarding the threat actors that may be using them.
In an earlier statement to The Hacker News, Microsoft stated that “customers who have enabled automatic updates and enabled the ‘Receive updates for other Microsoft products’ option within their Windows Update settings are already protected.”
In order to protect their networks from active attacks, entities that fall under the jurisdiction of the Federal Civilian Executive Branch (FCEB) are obligated to implement the solutions by the 16th of April in 2024.
In conclusion, identifying and promptly mitigating this SharePoint Vulnerability is critical in ensuring the security of organizational networks. With the emergence of exploits in events like Pwn2Own Vancouver and ongoing threats in the cyber landscape, it is imperative for entities, especially those under the Federal Civilian Executive Branch, to stay vigilant and adhere to recommended security measures. By promptly implementing necessary patches and updates, organizations can significantly mitigate the risk posed by such vulnerabilities and safeguard their networks against potential cyber threats.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.