Microsoft SharePoint RCE flaw exploits in the wild – you’ve had 3 months to patch

October 23, 2024 at 03:35PM

A deserialization vulnerability in Microsoft SharePoint, CVE-2024-38094, is being actively exploited, allowing attackers to inject and execute code remotely. CISA has added it to its Known Exploited Vulnerabilities Catalog and urges all organizations to remediate promptly. Microsoft patched the issue in its July update; federal agencies must apply the fix by November 12.

### Meeting Takeaways

1. **Active Exploitation of SharePoint Bug**:
– A deserialization vulnerability in Microsoft SharePoint (CVE-2024-38094) is currently under active exploitation, as identified by CISA.

2. **Vulnerability Catalog**:
– CISA has added CVE-2024-38094 to its Known Exploited Vulnerabilities Catalog, with the note that it is unknown if this flaw is being utilized in ransomware campaigns.

3. **Initial Patch Released**:
– Microsoft initially addressed the vulnerability in its July Patch Tuesday update. Although it wasn’t flagged as exploited at that time, Microsoft’s exploitability assessment rated exploitation as “more likely.”

4. **Risk Assessment**:
– The vulnerability allows an authenticated attacker with Site Owner permissions to inject and execute arbitrary code within the SharePoint Server context. It has a CVSS severity rating of 7.2, classified as “important.”

5. **Proof-of-Concept Available**:
– There is at least one proof-of-concept exploit available, increasing the risk of further abuse of this vulnerability by malicious actors.

6. **Urgent Recommendation for Federal Agencies**:
– All Federal Civilian Executive Branch (FCEB) agencies must apply the Microsoft fix for this vulnerability no later than November 12. CISA recommends that all organizations prioritize timely remediation of vulnerabilities listed in its catalog to mitigate the risk of cyberattacks.

7. **Additional SharePoint Flaws**:
– Microsoft also addressed two critical vulnerabilities (CVE-2024-38018 and CVE-2024-43464) during the September Patch Tuesday, which could allow code execution by attackers with Site Member and Site Owner permissions.

### Action Items
– **Immediate Patching**: Organizations, especially FCEB agencies, should prioritize applying the Microsoft patch for CVE-2024-38094 before the deadline.
– **Monitor Vulnerabilities**: Keep an eye on additional vulnerabilities and remain proactive in applying future patches.

### Recommendation
– **Prioritize Cybersecurity Measures**: Organizations are strongly urged to enhance their cybersecurity posture by swiftly addressing known vulnerabilities.
