Active Exploitation of Critical Vulnerability in Microsoft SharePoint Server

Published on 15 Jan 2024

Microsoft had previously released updates addressing a critical vulnerability (CVE-2023-29357) in Microsoft SharePoint Server. The vulnerability is reportedly being actively exploited and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain administrative privileges over the compromised server.

The vulnerability affects Microsoft SharePoint Server 2019.

CVE-2023-29357 may also be chained with another vulnerability (CVE-2023-24955) to give the attacker remote code execution. A proof-of-concept exploit chaining these two vulnerabilities is publicly available.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

https://www.bleepingcomputer.com/news/security/cisa-critical-microsoft-sharepoint-bug-now-actively-exploited/