The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Microsoft Sharepoint Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that hackers have begun exploiting it in the wild.
The vulnerability is tracked as CVE-2023-24955, and carries a severity score of 7.2. It is described as a critical remote code execution (RCE) flaw, that allows an authenticated threat actor, with Site Owner privileges, to execute arbitrary code on the vulnerable endpoints.
Such a vulnerability could be used for a number of things, from malware deployment, to information stealing.
FCEBs on a deadline
“In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server,” Microsoft said in an advisory.
The fix was released with the May 2023 Patch Tuesday cumulative update, so in case you skipped that one, you might want to reconsider. Those who have automatic updates enabled are most likely already protected, though.
Two months ago, CISA added a separate flaw, CVE-2023-29357, to KEV. This flaw was chained together with the newly-added RCE last year, at the Pwn2Own Vancouver hacking contest. StarLabs SG, who demonstrated how the two vulnerabilities could be combined for devastating effects, won $100,000 for their efforts.
While threat actors currently might be abusing these two, there is no evidence that anyone chained them together yet.
Federal Civilian Executive Branch (FCEB) agencies have until April 16 this year to apply the patch.
Microsoft SharePoint is a web-based collaborative platform, available through the Microsoft 365 productivity suite. It was first launched in 2001 as a document management and storage system. It was also used to share information via intranet. According to Microsoft’s 2020 figures, SharePoint had more than 200 million active monthly users, with Gitnux adding that 80% of Fortune 500 companies use the tool.
Via TheHackerNews