Security News > 2023 > September > Exploit released for Microsoft SharePoint Server auth bypass flaw

Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation.

Janggggg successfully achieved RCE on a Microsoft SharePoint Server using this exploit chain during the March 2023 Pwn2Own contest in Vancouver, earning a $100,000 reward.

"The script outputs details of admin users with elevated privileges and can operate in both single and mass exploit modes," the exploit's developer says.

A YARA rule is also available to help network defenders analyze logs for signs of potential exploitation on their SharePoint servers using the CVE-2023-29357 PoC exploit.

Despite the existing exploit not granting immediate remote code execution capabilities, it is highly recommended to apply the security patches issued by Microsoft earlier this year as a preventive measure against potential attacks.

Exploit released for Ivanti Sentry bug abused as zero-day in attacks.

News URL

https://www.bleepingcomputer.com/news/security/exploit-released-for-microsoft-sharepoint-server-auth-bypass-flaw/