CISA Alerts Microsoft SharePoint Vulnerability Actively Exploited, Take Action Now

January 12, 2024

TLDR:

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical security vulnerability in Microsoft SharePoint Server.
  • An attacker could exploit the vulnerability to gain administrator privileges and execute a network attack.
  • Microsoft released patches for the bug in June 2023; federal agencies are advised to apply them by January 31, 2024.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a critical security vulnerability in Microsoft SharePoint Server. The vulnerability, tracked as CVE-2023-29357, is a privilege escalation flaw that could allow an attacker to gain administrator privileges. Microsoft addressed the vulnerability in its June 2023 Patch Tuesday updates.

According to Microsoft, an attacker who gains access to spoofed JWT authentication tokens can use them to execute a network attack that bypasses authentication and grants the privileges of an authenticated user. The company has urged users to apply the patches by January 31, 2024, to protect against the active threat.

The vulnerability was demonstrated by security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG at the Pwn2Own Vancouver hacking contest in 2023. The exploit chain combines authentication bypass (CVE-2023-29357) with a code injection bug (CVE-2023-24955) that was patched by Microsoft in May 2023. Tiến Giang said it took nearly a year of effort and research to develop the full exploit chain.

Details about the identity of the threat actors exploiting the vulnerability and the real-world exploitation techniques are currently unknown. However, federal agencies are urged to apply the patches promptly to mitigate the risk.
