Heimdal Security Blog

Patch Now: CISA Adds New Microsoft SharePoint Server Vulnerability on its Catalog


In light of reports of active exploitation in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft SharePoint Server security flaw to its Known Exploited Vulnerabilities (KEV) catalog.

This remote code execution vulnerability, tracked as CVE-2023-24955 and rated Critical by Microsoft despite a CVSS base score of 7.2, lets an authenticated attacker with Site Owner privileges execute arbitrary code on the SharePoint server.

Microsoft addressed this vulnerability in its May 2023 security updates.

The inclusion of CVE-2023-24955 in CISA’s catalog follows the earlier addition of another SharePoint flaw, CVE-2023-29357, an elevation-of-privilege vulnerability that Microsoft patched in June 2023.

CVE-2023-29357 and CVE-2023-24955 can be chained in a single exploit

Notably, a research team chained these two vulnerabilities in a single exploit at the Pwn2Own Vancouver 2023 contest, using the privilege escalation to obtain the access that the code injection flaw requires, and earned a $100,000 reward, as The Hacker News reports.

At the time of writing, there is no public information on specific incidents in which these vulnerabilities were exploited, nor on the attackers involved.

Microsoft states that customers who have enabled automatic updates and selected ‘Receive updates for other Microsoft products’ in their Windows Update settings already have the fix installed.

To protect against this ongoing risk, Federal Civilian Executive Branch (FCEB) agencies must apply the vendor patches by April 16, 2024.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice.
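The prioritization CISA recommends is easy to automate: pull the KEV catalog's JSON feed, cross-reference it against the CVEs your scanner reports, and sort findings by how far past their KEV due date they are. The script below is an added example, not code from the Heimdal article or from CISA. The field names follow the KEV feed's published JSON schema; the feed excerpt, the host names and the findings list are constructed for the example (the real catalog contains thousands of entries, and CVE-2021-44228 is deliberately left out of the excerpt so the not-in-feed path is exercised).

```python
"""Prioritize scanner findings against the CISA KEV catalog (added example)."""
from __future__ import annotations

import json
import urllib.request
from dataclasses import dataclass
from datetime import date
from typing import Iterable, Optional

# Real feed location; only used by fetch_kev_feed(), which the example does not call.
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt of the KEV feed. Dates for CVE-2023-24955 match the article;
# the CVE-2023-29357 dates are illustrative for this example.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-24955",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "vulnerabilityName": "Microsoft SharePoint Server Code Injection Vulnerability",
            "dateAdded": "2024-03-26",
            "dueDate": "2024-04-16",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        },
        {
            "cveID": "CVE-2023-29357",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "vulnerabilityName": "Microsoft SharePoint Server Privilege Escalation Vulnerability",
            "dateAdded": "2024-01-10",
            "dueDate": "2024-01-31",
            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
        },
    ],
})

# Constructed scanner output: (host, CVE). Host names are fictitious.
SAMPLE_FINDINGS = [
    ("sp-web01.corp.example", "CVE-2023-24955"),
    ("sp-web01.corp.example", "CVE-2023-29357"),
    ("sp-web02.corp.example", "CVE-2023-24955"),
    ("build01.corp.example", "CVE-2021-44228"),  # in the real catalog, but absent from this excerpt
]


@dataclass(frozen=True)
class KevEntry:
    cve_id: str
    vendor: str
    product: str
    name: str
    date_added: date
    due_date: date
    required_action: str


@dataclass(frozen=True)
class Prioritized:
    host: str
    cve_id: str
    in_kev: bool
    days_until_due: Optional[int]  # negative means overdue; None when not in the feed


def fetch_kev_feed(url: str = KEV_URL, timeout: float = 30.0) -> str:
    """Download the live catalog (network access required; not used in the example run)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(feed_text: str) -> dict[str, KevEntry]:
    """Parse the KEV JSON feed into a dict keyed by upper-case CVE ID."""
    feed = json.loads(feed_text)
    entries: dict[str, KevEntry] = {}
    for v in feed["vulnerabilities"]:
        entries[v["cveID"].upper()] = KevEntry(
            cve_id=v["cveID"],
            vendor=v["vendorProject"],
            product=v["product"],
            name=v["vulnerabilityName"],
            date_added=date.fromisoformat(v["dateAdded"]),
            due_date=date.fromisoformat(v["dueDate"]),
            required_action=v["requiredAction"],
        )
    return entries


def prioritize(findings: Iterable[tuple[str, str]], kev: dict[str, KevEntry], today: date) -> list[Prioritized]:
    """KEV findings first, most overdue first; findings not in the catalog last."""
    out: list[Prioritized] = []
    for host, cve_id in findings:
        entry = kev.get(cve_id.upper())
        if entry is None:
            out.append(Prioritized(host, cve_id, False, None))
        else:
            out.append(Prioritized(host, cve_id, True, (entry.due_date - today).days))
    out.sort(key=lambda p: (not p.in_kev, p.days_until_due if p.days_until_due is not None else 0))
    return out


def summarize(items: list[Prioritized]) -> list[str]:
    """One human-readable line per finding, in priority order."""
    lines = []
    for p in items:
        if not p.in_kev:
            status = "not in KEV feed"
        elif p.days_until_due < 0:
            status = f"OVERDUE by {-p.days_until_due} days"
        else:
            status = f"due in {p.days_until_due} days"
        lines.append(f"{p.host:24} {p.cve_id:16} {status}")
    return lines


if __name__ == "__main__":
    # Reference date chosen to sit between the two due dates in the excerpt.
    for line in summarize(prioritize(SAMPLE_FINDINGS, load_kev(SAMPLE_KEV_JSON), date(2024, 3, 27))):
        print(line)
```

For production use, replace `SAMPLE_KEV_JSON` with `fetch_kev_feed()` and feed it the CVE list your scanner exports; the sort order puts the SharePoint hosts with the already-overdue CVE-2023-29357 at the top, the CVE-2023-24955 hosts next, and anything not in the catalog at the bottom.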

CISA Alert (source)


Automate your patch management routine.

Heimdal® Patch & Asset Management Software

Remotely and automatically install Windows, Linux and 3rd party application updates and manage your software inventory.
  • Schedule updates at your convenience;
  • See any software assets in inventory;
  • Global deployment and LAN P2P;
  • And much more than we can fit in here...
Try it for free today with a 30-day free trial. Offer valid only for companies.