Security News > 2024 > March > Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16. As per usual, details about the attack in which the flaw is leveraged have not been shared. About CVE-2023-24955 and CVE-2023-29357 CVE-2023-24955 and CVE-2023-29357, a … More → The post Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/03/28/cve-2023-24955-exploited/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
2023-05-09 | CVE-2023-24955 | Code Injection vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.2 |