CISA tags Microsoft SharePoint RCE bug as actively exploited (Security News, March 2024)
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability (CVE-2023-24955) that can be chained with a critical privilege escalation flaw (CVE-2023-29357) for pre-auth remote code execution attacks.
These two SharePoint Server security vulnerabilities can be chained by unauthenticated attackers to gain RCE on unpatched servers, as STAR Labs researcher Nguyễn Tiến Giang demonstrated during last year's March 2023 Pwn2Own contest in Vancouver.
Although the publicly available proof-of-concept exploit for the privilege escalation flaw on its own did not give attackers remote code execution on targeted systems, threat actors could still extend it with CVE-2023-24955 exploitation to complete the chain and achieve RCE.
While CISA didn't share any details regarding the attacks exploiting the two SharePoint vulnerabilities, the agency did say it has no evidence that they were used in ransomware attacks.
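The practical follow-up to a KEV addition is checking whether the CVEs you care about are in the catalog, what the remediation due date is, and whether CISA has flagged ransomware use (the field behind the "no evidence of ransomware attacks" statement above). The script below is an added example, not code from the article or from CISA. It uses the KEV feed's published JSON shape (a top-level `vulnerabilities` list with `cveID`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`, and so on); the sample document embedded in it is constructed for offline use, and its dates are illustrative rather than copied from the live catalog. The `fetch_kev` helper is the only part that touches the network and is not needed for the offline check.

```python
"""Check CVE IDs against CISA's Known Exploited Vulnerabilities (KEV) feed.

Added example; not the article's or CISA's own code. The feed shape
matches the published KEV JSON schema. SAMPLE_KEV_JSON is a constructed
stand-in for the live feed so the check runs offline; its dates are
illustrative, not authoritative.
"""
import json
import urllib.request
from datetime import date

# Published location of the machine-readable KEV catalog.
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's shape: the two SharePoint entries from the
# article plus one unrelated entry flagged as used by ransomware.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "sample",
    "count": 3,
    "vulnerabilities": [
        {
            "cveID": "CVE-2023-24955",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "vulnerabilityName": "Microsoft SharePoint Server Code Injection Vulnerability",
            "dateAdded": "2024-03-26",
            "shortDescription": "Code injection enabling remote code execution.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-04-16",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2023-29357",
            "vendorProject": "Microsoft",
            "product": "SharePoint Server",
            "vulnerabilityName": "Microsoft SharePoint Server Privilege Escalation Vulnerability",
            "dateAdded": "2024-01-10",
            "shortDescription": "Authentication bypass leading to privilege escalation.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-01-31",
            "knownRansomwareCampaignUse": "Unknown",
            "notes": "",
        },
        {
            "cveID": "CVE-2000-0001",  # constructed placeholder entry
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Example Vulnerability",
            "dateAdded": "2024-02-01",
            "shortDescription": "Constructed entry.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2024-02-22",
            "knownRansomwareCampaignUse": "Known",
            "notes": "",
        },
    ],
})


def fetch_kev(url: str = KEV_URL, timeout: int = 30) -> str:
    """Download the live catalog as raw JSON text (network access required)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(raw_json: str) -> dict:
    """Index a KEV document by CVE ID for O(1) lookups."""
    doc = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in doc["vulnerabilities"]}


def check_cves(kev_index: dict, cve_ids: list, today: str) -> dict:
    """For each CVE, report KEV membership, due date, overdue status and ransomware flag.

    `today` is an ISO date string (YYYY-MM-DD) so the result is reproducible.
    """
    now = date.fromisoformat(today)
    results = {}
    for cve in cve_ids:
        entry = kev_index.get(cve)
        if entry is None:
            results[cve] = {"in_kev": False}
            continue
        due = date.fromisoformat(entry["dueDate"])
        results[cve] = {
            "in_kev": True,
            "date_added": entry["dateAdded"],
            "due_date": entry["dueDate"],
            "overdue": now > due,
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
        }
    return results


def entries_for_product(kev_index: dict, product_substring: str) -> list:
    """Return KEV CVE IDs whose product field contains the given text, oldest due date first."""
    hits = [e for e in kev_index.values()
            if product_substring.lower() in e.get("product", "").lower()]
    return [e["cveID"] for e in sorted(hits, key=lambda e: e["dueDate"])]


if __name__ == "__main__":
    index = load_kev(SAMPLE_KEV_JSON)  # swap for load_kev(fetch_kev()) to use the live feed
    for cve, status in check_cves(index, ["CVE-2023-24955", "CVE-2023-29357"], "2024-04-01").items():
        print(cve, status)
    print("SharePoint entries:", entries_for_product(index, "SharePoint"))
```

Against the live feed, replace `SAMPLE_KEV_JSON` with `fetch_kev()`; the catalog's `dueDate` applies to federal civilian agencies under BOD 22-01, but it is a useful yardstick for anyone prioritising SharePoint patching, and `knownRansomwareCampaignUse` is the field to watch for the ransomware evidence the article says CISA does not yet have.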
Related news
- Microsoft SharePoint RCE bug exploited to breach corporate network
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
- Microsoft 365 outage impacts Exchange Online, Teams, SharePoint
- CISA orders federal agencies to secure Microsoft 365 tenants
- CISA orders federal agencies to secure their Microsoft cloud environments
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-24955 | Code injection vulnerability in Microsoft SharePoint Enterprise Server and SharePoint Server (Microsoft SharePoint Server Remote Code Execution Vulnerability) | 0.0 |