Security News > 2024 > January > CISA: Critical Microsoft SharePoint bug now actively exploited
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
This Microsoft SharePoint Server exploit chain was successfully demoed by STAR Labs researcher Jang during last year's March 2023 Pwn2Own contest in Vancouver, earning a $100,000 reward.
Even though the exploit does not grant remote code execution on targeted systems, since it's not a complete exploit for the chain demoed at Pwn2Own, its author said attackers could chain it with the CVE-2023-24955 bug themselves for RCE. "The script outputs details of admin users with elevated privileges and can operate in both single and mass exploit modes," the PoC exploit's developer says.
While it has yet to provide additional details on CVE-2023-29357 active exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog and now requires U.S. federal agencies to patch it by the end of the month, on January 31.
Ivanti warns of Connect Secure zero-days exploited in attacks.
Cisco says critical Unity Connection bug lets attackers get root.
News URL
Related news
- Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
| 2023-05-09 | CVE-2023-24955 | Code Injection vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.2 |