Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

January 12, 2024 at 02:49PM

Security experts have warned about a ransomware group exploiting a critical Microsoft SharePoint vulnerability, CVE-2023-29357, which can lead to remote code execution. This vulnerability was added to the US’s must-patch list, giving agencies three weeks to patch it. The exploit chain has been a concern, and patching is crucial to prevent potential attacks.

The key takeaways from the article are as follows:

– Security experts have identified a critical Microsoft SharePoint vulnerability, tracked as CVE-2023-29357, which has been exploited by at least one ransomware group.
– The vulnerability carries a severity score of 9.8 and allows for remote code execution (RCE) and elevation of privileges (EoP).
– The exploit chain for CVE-2023-29357 was developed by Nguyễn Tiến Giang and was demonstrated at a Pwn2Own contest, earning him a $100,000 prize.
– It was noted that when proof of concept (PoC) code is published for a vulnerability, cybercriminals may quickly develop working exploits, leading to a surge in attacks. However, in this case, there was a delay in exploitation due to the complexity of chaining CVE-2023-29357 together with CVE-2023-24955.
– It is emphasized that applying the June 2023 Patch Tuesday updates alone will not automatically protect organizations, and manual, SharePoint-specific patches are required.
– Both vulnerabilities were designated with an “exploitation more likely” status and “low” attack complexity by Microsoft, with CVE-2023-29357 being more severe than CVE-2023-24955.
– There is currently no known proof of concept (PoC) code for the RCE vulnerability of CVE-2023-24955 circulating online.

These takeaways highlight the urgency for organizations to patch both vulnerabilities and be vigilant against potential ransomware attacks leveraging these exploits.
