Watch out Active exploitation of critical SharePoint vulnerability by CISA

January 13, 2024
1 min read

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft SharePoint to its list of actively exploited vulnerabilities, indicating that cybercriminals are actively targeting the vulnerability. The vulnerability, tracked as CVE-2023-29357, can result in remote code execution (RCE), and at least one ransomware group is known to have a working exploit for it. The vulnerability was first identified by security researcher Nguyễn Tiến Giang (Jang) of STAR Labs and was disclosed in March 2023. Microsoft released a patch for the vulnerability in June 2023, but CISA’s inclusion of it in the list means that it continues to be actively exploited.

The active exploitation of the vulnerability comes months after the publication of proof-of-concept code for it, which led security researchers to warn of the possibility of cybercriminals developing working exploits based on the code. However, the difficulty of chaining CVE-2023-29357 with another bug, CVE-2023-24955, may have contributed to the delay in active exploitation. Jang and his team spent nearly a year researching and developing the exploit chain, which earned Jang a $100,000 prize at the Pwn2Own contest. Microsoft addressed CVE-2023-29357 and CVE-2023-24955 with patches in June and May 2023, respectively, but manual, SharePoint-specific patches are required for proper protection.

Latest from Blog

44k Americans first to suffer data breach: Are you next?

TLDR: First American Financial Corporation disclosed a data breach affecting 44,000 individuals in December 2023. The company offered free credit monitoring and identity protection services to the affected individuals. The First American