CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

March 27, 2024 at 10:09AM

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Microsoft SharePoint Server, CVE-2023-24955, to its Known Exploited Vulnerabilities catalog. The flaw allows authenticated attackers with Site Owner privileges to execute arbitrary code. Federal agencies must apply the fixes by April 16, 2024, to secure their networks.

Key takeaways from the meeting notes on Newsroom Threat Intelligence/Network Security:

– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw to its Known Exploited Vulnerabilities (KEV) catalog, concerning the Microsoft Sharepoint Server, with evidence of active exploitation in the wild.
– The vulnerability, tracked as CVE-2023-24955 with a CVSS score of 7.2, is a critical remote code execution flaw allowing an authenticated attacker with Site Owner privileges to execute arbitrary code.
– Microsoft has addressed the flaw as part of its Patch Tuesday updates for May 2023.
– An exploit chain combining CVE-2023-29357 and CVE-2023-24955 was demonstrated at the Pwn2Own Vancouver hacking contest, earning the researchers a $100,000 prize.
– There is currently no information on the attacks weaponizing these two vulnerabilities and the threat actors exploiting them.
– Microsoft has advised that customers who have enabled automatic updates and ‘Receive updates for other Microsoft products’ are already protected.
– Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by April 16, 2024, to secure their networks against active threats.

Stay updated with more exclusive content from us by following our Twitter and LinkedIn accounts.

Full Article