The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft SharePoint to its list of actively exploited vulnerabilities, indicating that cybercriminals are targeting it. The vulnerability, tracked as CVE-2023-29357, can result in remote code execution (RCE), and at least one ransomware group is known to have a working exploit for it. The vulnerability was first identified by security researcher Nguyễn Tiến Giang (Jang) of STAR Labs and was disclosed in March 2023. Microsoft released a patch for the vulnerability in June 2023, but its inclusion in CISA's list means that it continues to be actively exploited.
The active exploitation comes months after the publication of proof-of-concept code for the vulnerability, which led security researchers to warn that cybercriminals could develop working exploits based on the code. However, the difficulty of chaining CVE-2023-29357 with another bug, CVE-2023-24955, may have contributed to the delay in active exploitation. Jang and his team spent nearly a year researching and developing the exploit chain, which earned Jang a $100,000 prize at the Pwn2Own contest. Microsoft addressed CVE-2023-29357 and CVE-2023-24955 with patches in June and May 2023, respectively, but manual, SharePoint-specific patches are required for proper protection.