
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew
2024-01-12 19:34

Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US's must-patch list.

Without specifically identifying the gang, researcher Kevin Beaumont said that at least one ransomware group has a working exploit for the critical vulnerability, which can potentially achieve remote code execution, although the US Cybersecurity and Infrastructure Security Agency said its use in ransomware campaigns is currently "Unknown."

Tracked as CVE-2023-29357, the SharePoint vulnerability in question was first identified by Nguyễn Tiến Giang of Singaporean security house STAR Labs.

CVE-2023-29357 is a critical elevation of privileges vulnerability that carries a 9.8 severity score.

Researchers warned in September that the publication of the PoC code provided a foundation from which cybercriminals could build a working exploit, and it was highly important to patch both vulnerabilities as soon as possible.

According to an advisory from NHS Digital, there is currently no known PoC code for the RCE vulnerability circulating online, so those exploiting it will have developed it themselves and kept it a secret, for now.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/12/microsoft_sharepoint_vuln_exploit/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019. Microsoft SharePoint Server Elevation of Privilege Vulnerability (network, low complexity, microsoft) | critical, 9.8