The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.
This vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with website owner permissions to execute arbitrary code.
“In a network-based attack, an authenticated attacker acting as the site owner could remotely execute code on SharePoint Server,” Microsoft said in an advisory. In the May 2023 Patch Tuesday update, Microsoft This defect is resolved.
More than two months ago, CISA added the privilege escalation flaw CVE-2023-29357 in SharePoint Server to its KEV directory.
It is worth pointing out that StarLabs SG demonstrated an exploit chain combining CVE-2023-29357 and CVE-2023-24955 at last year’s Pwn2Own Vancouver Hacking Competition, winning the researcher a $100,000 prize.
That said, there is currently no information on attacks that weaponized these two vulnerabilities and the threat actors that might exploit them.
Microsoft previously told The Hacker News that “Customers who enable automatic updates and enable the ‘Receive updates for other Microsoft products’ option in Windows Update settings are already protected.”
Federal Civilian Executive Branch (FCEB) agencies must apply these fixes by April 16, 2024 to protect their networks from active threats.
