Security News > 2024 > March > Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)
2024-03-28 10:20
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16. As per usual, details about the attack in which the flaw is leveraged have not been shared. About CVE-2023-24955 and CVE-2023-29357 CVE-2023-24955 and CVE-2023-29357, a … More → The post Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/03/28/cve-2023-24955-exploited/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- CISA orders federal agencies to secure their Microsoft cloud environments (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 0.0 |
| 2023-05-09 | CVE-2023-24955 | Code Injection vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 0.0 |