Security News > 2024 > January > Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.

Without specifically identifying the gang, researcher Kevin Beaumont said that at least one ransomware group has a working exploit for the critical vulnerability, which can potentially achieve remote code execution although the US Cybersecurity and Infrastructure Security Agency said its use in ransomware campaigns is currently "Unknown."

Tracked as CVE-2023-29357, the SharePoint vulnerability in question was first identified by Nguy?n Ti?n Giang of Singaporean security house STAR Labs.

CVE-2023-29357 is a critical elevation of privileges vulnerability that carries a 9.8 severity score.

Researchers warned in September that the publication of the PoC code provided a foundation from which cybercriminals could build a working exploit, and it was highly important to patch both vulnerabilities as soon as possible.

According to an advisory from NHS Digital, there is currently no known PoC code for the RCE vulnerability circulating online so those exploiting it will have developed it themselves and kept it a secret, for now.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/12/microsoft_sharepoint_vuln_exploit/