On January 12, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security vulnerability in Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog.
The issue, tracked as CVE-2023-29357 with a CVSS score of 9.8, calls for immediate action from organizations.
This vulnerability represents a privilege escalation flaw, which, if exploited, could empower an attacker to gain administrator privileges. Microsoft responded to this threat by releasing patches during its June 2023 Patch Tuesday updates. The Redmond-based tech giant highlighted the exploit’s nature, stating, “An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.” Importantly, this attack vector requires no additional privileges, and the user is not required to perform any action, making it particularly dangerous.
Security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG demonstrated the exploit at the Pwn2Own Vancouver hacking contest, earning a substantial $100,000 prize. The exploit showcased a pre-authenticated remote code execution chain that combines authentication bypass (CVE-2023-29357) with a code injection bug (CVE-2023-24955, CVSS score: 7.2), the latter of which was patched in May 2023. Tiến Giang emphasized the extensive effort and meticulous research that went into discovering and crafting this exploit chain, spanning almost a year.
Despite the technical prowess demonstrated in exploiting this vulnerability, specific details about real-world exploitation and the identity of potential threat actors remain unknown. However, CISA is not taking any chances and has issued a strong recommendation for federal agencies to apply the provided patches by January 31, 2024. This urgency emphasizes the active threat landscape and the need for swift mitigation measures to safeguard critical systems.
The collaboration between CISA and Microsoft in addressing this vulnerability showcases the importance of public-private partnerships in ensuring cybersecurity. Microsoft’s prompt release of patches following the identification of the vulnerability reflects its commitment to securing its products and protecting users from potential cyber threats.
For organizations utilizing MS SharePoint Server, the imperative is clear – prioritize the application of these patches to mitigate the risk of exploitation. Failure to do so may expose critical systems to unauthorized access and potential compromise.
As the world becomes increasingly interconnected, such vulnerabilities pose significant risks not only to individual organizations but also to the broader cybersecurity landscape. The proactive response from CISA and Microsoft serves as a reminder of the ongoing efforts required to stay ahead of cyber threats and the necessity for continuous vigilance in the face of evolving cybersecurity challenges.
In conclusion, the convergence of CISA’s vigilance, Microsoft’s responsiveness, and the proactive measures recommended for federal agencies underscores the seriousness of the Microsoft SharePoint vulnerability. Organizations are strongly advised to act promptly, applying the provided patches to fortify their defenses against this actively exploited threat.