CISA warns: Critical SharePoint vulnerability is out of control

US federal agencies are required to update outdated software by the end of January.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog. The decision was based on evidence that the vulnerability is being actively exploited.

The issue, designated CVE-2023-29357 with a critical CVSS rating of 9.8 points, is a privilege escalation bug that can be used by attackers to gain administrator rights. Microsoft released a patch that addresses this issue back in June 2023, but hackers are still actively using it to attack vulnerable instances of SharePoint Server.

To exploit the vulnerability, an attacker who has gained access to fake JWT tokens can use them to carry out a network attack that bypasses authentication and grants the privileges of an authenticated user. The attacker needs no prior privileges, and no user interaction is required.

The remote code execution chain combines the authentication bypass vulnerability (CVE-2023-29357) with a code injection vulnerability (CVE-2023-24955, CVSS 7.2). The latter was patched in May 2023.

Security specialist Nguyen Tien Jang of StarLabs SG noted in his technical report published in September 2023 that the process of detecting and developing this chain of exploitation took almost a year of intensive research.

Specific details of the actual use of CVE-2023-29357, as well as the identity of the attackers exploiting this vulnerability, are currently unknown. However, US federal agencies are advised to apply all necessary patches by January 31, 2024 to protect against this active threat.
 