The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Microsoft Sharepoint Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that hackers have begun exploiting it in the wild.
The vulnerability is tracked as CVE-2023-24955 and has a severity score of 7.2. It is described as a critical Remote Code Execution (RCE) flaw, which could allow an authenticated threat actor, with site owner privileges, to execute arbitrary code on the vulnerable endpoints.
Such a vulnerability can be used for a number of things, from deploying malware to stealing information.
FCEBs with a deadline
“In a network-based attack, an authenticated attacker as a site owner could remotely execute code on the SharePoint server,” Microsoft said in an advisory.
The fix was released with the May 2023 Patch Tuesday cumulative update, so if you skipped that you might want to reconsider. Those who have automatic updates enabled are likely already protected.
Two months ago, CISA added a separate flaw, CVE-2023-29357, to KEV. This bug was linked to the newly added RCE during the Pwn2Own hacking competition in Vancouver last year. StarLabs SG, which demonstrated how the two vulnerabilities could combine with devastating consequences, won $100,000 for their efforts.
While threat actors may currently be exploiting these two, there is no evidence yet that anyone has chained them together.
Federal Civilian Executive Branch (FCEB) agencies have until April 16 this year to apply the patch.
Microsoft SharePoint is a web-based collaboration platform, available through the Microsoft 365 productivity suite. It was first launched in 2001 as a document management and storage system. It was also used to share information via intranet. According to Microsoft’s 2020 figures, SharePoint had over 200 million active monthly users Gitnux adding that 80% of Fortune 500 companies use the tool.
Through The HackerNews