
CISA Adds Microsoft SharePoint Flaw to Known Exploited Vulnerabilities, Urges Immediate Patching

CISA Alert: Critical SharePoint Vulnerability Under Active Attack, Immediate Patching Required

Cybersecurity authorities have issued a stark warning for organizations using Microsoft SharePoint Server. A critical vulnerability, tracked as CVE-2023-29357, has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) catalog of Known Exploited Vulnerabilities (KEV).

This action confirms that the flaw is not just a theoretical risk—it is being actively and maliciously exploited in the wild by threat actors. All organizations, particularly federal agencies, are being urged to apply the necessary security patches immediately to protect their networks from potential compromise.

Understanding the Threat: CVE-2023-29357 Explained

The vulnerability at the center of this alert is a critical privilege escalation flaw affecting Microsoft SharePoint Server. In simple terms, this security hole allows an unauthenticated attacker to bypass security checks and gain administrator-level privileges on a vulnerable server.

What makes this particularly dangerous is that attackers do not need any existing credentials or special access to exploit it. Once an attacker gains administrator rights, they can effectively take full control of the SharePoint server. This can lead to severe consequences, including:

  • Complete data theft of sensitive corporate information.
  • The ability to execute arbitrary code, allowing them to install malware or ransomware.
  • Using the compromised server as a pivot point to launch further attacks across the internal network.

Security researchers have demonstrated that CVE-2023-29357 can be chained with another critical vulnerability (CVE-2023-24955) to achieve remote code execution (RCE) without any user interaction, making it an incredibly potent attack vector.

Why CISA’s KEV Catalog is a Major Warning Sign

When CISA adds a vulnerability to its KEV catalog, it serves as an official confirmation that the flaw has a documented history of active exploitation. This is not a theoretical list of potential dangers; it is a “most wanted” list of security holes that threat actors are actively using to attack organizations right now.

For U.S. Federal Civilian Executive Branch (FCEB) agencies, inclusion in the KEV catalog comes with a strict, non-negotiable deadline for remediation. This mandate underscores the severity of the threat and highlights the urgent need for all organizations—public and private—to prioritize patching.

Immediate Steps to Protect Your SharePoint Environment

Given the active exploitation of this vulnerability, waiting to patch is not an option. IT and security teams must take immediate action to mitigate this threat.

  1. Apply Security Updates Immediately: Microsoft released a patch for CVE-2023-29357 in its June 2023 Patch Tuesday updates. If you have not yet applied these updates to your SharePoint Server 2019, 2016, or Subscription Edition, this must be your top priority.

  2. Verify Patch Implementation: Do not just deploy the patch—verify that it has been successfully installed on all relevant servers. A failed or incomplete patch deployment leaves your organization just as vulnerable as before.

  3. Assume Compromise and Hunt for Threats: Because this flaw is being exploited, organizations should operate under the assumption that they may have already been targeted. It is crucial to review server logs and network traffic for any unusual activity or indicators of compromise (IoCs) that could signal an attacker’s presence.
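The following Python script is an added example, not code from the article, CISA or Microsoft. It shows the mechanics behind steps 2 and 3: comparing the build each server reports against the minimum patched build for its edition (treating a failed query as "unverified" rather than "patched"), and a first-pass review of W3C-format IIS request logs against a list of indicators of compromise. The minimum build numbers are placeholders (the real ones for the June 2023 SharePoint updates come from Microsoft's update documentation), and the inventory, the IoC address and the log lines are all constructed sample data.

```python
"""Added example (not from the article, CISA or Microsoft): fleet-wide patch
verification plus a first-pass IIS log review against IoCs.

All values are constructed. The minimum builds are PLACEHOLDERS; take the
real June 2023 builds from Microsoft's update documentation.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# PLACEHOLDER minimum patched build per edition (constructed, not real).
MINIMUM_PATCHED_BUILD: Dict[str, str] = {
    "2016": "16.0.5400.1000",
    "2019": "16.0.10400.20000",
    "Subscription Edition": "16.0.16100.20000",
}


@dataclass
class ServerRecord:
    hostname: str
    edition: str                    # "2016", "2019" or "Subscription Edition"
    reported_build: Optional[str]   # None means the build query failed


def parse_build(build: str) -> Tuple[int, ...]:
    """'16.0.10400.20000' -> (16, 0, 10400, 20000).

    Integer comparison matters: as strings, '16.0.9999.1' sorts after
    '16.0.16100.20000' because '9' > '1', which would hide an unpatched host.
    """
    parts = build.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed build string: {build!r}")
    return tuple(int(p) for p in parts)


def classify_server(rec: ServerRecord, minimum_builds: Dict[str, str]) -> str:
    """Return 'patched', 'unpatched' or 'unverified'.

    A host whose build could not be read is 'unverified', never 'patched':
    a failed or incomplete deployment must show up in the report.
    """
    if rec.edition not in minimum_builds or not rec.reported_build:
        return "unverified"
    try:
        reported = parse_build(rec.reported_build)
    except ValueError:
        return "unverified"
    minimum = parse_build(minimum_builds[rec.edition])
    return "patched" if reported >= minimum else "unpatched"


def patch_report(inventory: Iterable[ServerRecord],
                 minimum_builds: Dict[str, str]) -> Dict[str, List[str]]:
    report: Dict[str, List[str]] = {"patched": [], "unpatched": [], "unverified": []}
    for rec in inventory:
        report[classify_server(rec, minimum_builds)].append(rec.hostname)
    return report


def find_ioc_hits(log_lines: Iterable[str], ioc_ips: Iterable[str]) -> List[Dict[str, str]]:
    """Return requests in W3C IIS log lines whose client IP is a known IoC.

    The '#Fields:' directive names the columns, so no fixed order is assumed.
    """
    ioc_set = set(ioc_ips)
    fields: Optional[List[str]] = None
    hits: List[Dict[str, str]] = []
    keep = ("date", "time", "c-ip", "cs-method", "cs-uri-stem", "cs-username", "sc-status")
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue                      # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("log data appeared before a #Fields: directive")
        cols = line.split()
        if len(cols) != len(fields):
            continue                      # truncated or otherwise malformed line
        row = dict(zip(fields, cols))
        if row.get("c-ip") in ioc_set:
            hits.append({k: row[k] for k in keep if k in row})
    return hits


# Constructed inventory: hostnames and builds are made up.
INVENTORY = [
    ServerRecord("sp-app-01", "2019", "16.0.10400.20000"),   # exactly the minimum
    ServerRecord("sp-app-02", "2019", "16.0.10397.20000"),   # one update behind
    ServerRecord("sp-wfe-01", "2016", "16.0.5400.1000"),
    ServerRecord("sp-wfe-02", "2016", None),                 # remote query failed
    ServerRecord("sp-se-01", "Subscription Edition", "16.0.16130.20306"),
    ServerRecord("sp-se-02", "Subscription Edition", "16.0.9999.1"),  # string compare would pass this
]

IOC_SOURCE_IPS = {"203.0.113.45"}   # constructed; 203.0.113.0/24 is a documentation range

# Constructed W3C IIS log excerpt (not real traffic).
SAMPLE_IIS_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2023-06-20 10:01:02 10.0.0.5 GET /sites/hr/default.aspx - 443 CORP\alice 10.0.0.20 Mozilla/5.0 200
2023-06-20 10:01:09 10.0.0.5 GET /_api/web - 443 - 203.0.113.45 python-requests/2.31 200
2023-06-20 10:01:10 10.0.0.5 GET /_layouts/15/start.aspx - 443 - 203.0.113.45 python-requests/2.31 200
2023-06-20 10:02:44 10.0.0.5 GET /sites/hr/Shared%20Documents/ - 443 CORP\bob 10.0.0.31 Mozilla/5.0 200
"""

if __name__ == "__main__":
    for status, hosts in patch_report(INVENTORY, MINIMUM_PATCHED_BUILD).items():
        print(f"{status:>10}: {', '.join(hosts) or '-'}")
    for hit in find_ioc_hits(SAMPLE_IIS_LOG.splitlines(), IOC_SOURCE_IPS):
        print("IoC hit:", hit)
```

In practice the inventory would be filled from each server's own build query and the IoC list from the advisory or threat-intelligence feed being worked from; the point of the "unverified" bucket is that a host that cannot prove it is patched is reported alongside the unpatched ones instead of silently dropping out of the list.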

The message from security experts is clear: the risk posed by CVE-2023-29357 is significant and immediate. Proactive patching and vigilant monitoring are essential to defending against opportunistic attackers looking to exploit this critical SharePoint vulnerability.

Source: https://securityaffairs.com/180211/uncategorized/u-s-cisa-urges-to-immediately-patch-microsoft-sharepoint-flaw-adding-it-to-its-known-exploited-vulnerabilities-catalog.html
