The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Microsoft released its January 2024 Patch Tuesday updates only recently, but apparently the problems are not over yet.
What is the problem with Microsoft SharePoint?
The issue, identified as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that an attacker could exploit to gain administrator privileges. Microsoft released a patch for the bug as part of its June 2023 Patch Tuesday updates.
“An attacker who has gained access to forged JWT authentication tokens can use them to perform a network attack that bypasses authentication and allows them to gain access to the privileges of an authenticated user,” Redmond said. “The attacker needs no privileges and the user does not need to take any action.”
The fact that no administrator privileges are needed is in itself very serious: it means that essentially anyone can get in with a “trick”.
Security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG demonstrated an exploit for the flaw at the Pwn2Own Vancouver hacking contest, earning a $100,000 prize.
The pre-authentication remote code execution chain combines the authentication bypass (CVE-2023-29357) with a code injection bug (CVE-2023-24955, CVSS score: 7.2); the latter was fixed by Microsoft in May 2023.
The SharePoint exploit in question can be seen in the video below.
“The process of discovering and creating the exploitation chain took almost a year of meticulous efforts and research to complete the entire chain of exploitation,” Tiến Giang said in a technical report that was not published until September 2023.
Further details about the real-world use of CVE-2023-29357 and the identity of the cybercriminals who may be exploiting it are currently unknown; however, federal agencies are advised to apply the patches by January 31, 2024, to protect against the active threat.
Cases similar to SharePoint have happened in the past
Several cases similar to this SharePoint one, involving critical vulnerabilities in widely used software platforms, have been recorded in the past.
A significant example is the attack on Microsoft Exchange Server in 2021, in which four separate vulnerabilities were exploited in an attack orchestrated by cybercriminals; this episode highlighted the importance of quickly applying security patches to mitigate potential risks.
Another similar case occurred in 2017, when the WannaCry ransomware exploited a vulnerability in Windows to spread on a global scale, affecting organizations and institutions around the world.
These past cases highlight the need for proactive vulnerability management and timely implementation of security measures to protect digital infrastructures from increasingly sophisticated threats.
Underestimating system updates
Although it is true that updates can often cause problems, they are nonetheless the fruit of programmers' work, and the SharePoint case is no different. Nobody wakes up one morning and says “well, I'll create Windows updates”: there are problems (that maybe you don't see, don't notice, or that never happen to you at all), and whoever is behind it all solves them.
What I am trying to say is this: if a thief steals the key to your front door, what do you do? You change the lock. The concept is similar.