CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

12.01.2024


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included a critical security vulnerability affecting Microsoft SharePoint Server in its Known Exploited Vulnerabilities (KEV) catalog, highlighting evidence of ongoing exploitation.

Identified as CVE-2023-29357 with a CVSS score of 9.8, this is a privilege escalation flaw that could enable an attacker to attain administrator privileges. Microsoft addressed this vulnerability through patches released in its June 2023 Patch Tuesday updates.

According to Microsoft, “An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user. The attacker needs no privileges nor does the user need to perform any action.”

Security researcher Nguyễn Tiến Giang (Jang) from StarLabs SG demonstrated an exploit for this flaw at the Pwn2Own Vancouver hacking contest, earning a $100,000 prize. The exploit involves a pre-authenticated remote code execution chain that combines authentication bypass (CVE-2023–29357) with a code injection bug (CVE-2023-24955, CVSS score: 7.2), the latter of which Microsoft patched in May 2023.

Tiến Giang noted in a technical report published in September 2023 that “The process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain.”

While specific details about real-world exploitation of CVE-2023–29357 and the identity of potential threat actors remain unknown, federal agencies are strongly advised to apply the provided patches by January 31, 2024, to safeguard against the active threat.

Other news

Mandiant’s Twitter Account Restored After Six-Hour Crypto Scam Hack – 05.01.2024

American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.

Read More

Three people indicted in $400 million FTX crypto hack conspiracy

Three people were indicted for an identity theft conspiracy that allegedly included the $400 million hack from FTX on the same day in November 2022 that the doomed cryptocurrency exchange filed for bankruptcy protection, court records show.

Read More
en_USEnglish