Security
Headlines
HeadlinesLatestCVEs

Headline

CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)

HackRead
#vulnerability#ios#microsoft#git#rce#auth#zero_day#chrome

Critical Microsoft SharePoint Server Flaw (CVE-2023-24955) Actively Exploited! CISA Urges Patch by April 16th. Learn why patching is crucial and how to secure your servers.

The Cybersecurity and Infrastructure Security Agency (CISA) is urging all US federal civilian agencies to patch a critical vulnerability (tracked as CVE-2023-24955) in the Microsoft SharePoint Server by April 16, 2024.

CISA has added CVE-2023-24955 to its Known Exploited Vulnerabilities (KEV) catalogue after confirming its active exploitation in the wild.

For your information CISA’s KEV catalog is designed for US Federal Civilian Executive Branch (FCEB) agencies but can be utilized by all organizations, including private ones, to enhance their vulnerability management efforts.

****Vulnerability Details****

CVE-2023-24955 (CVSS score 7.2) is a code injection vulnerability allowing remote code execution (RCE) on vulnerable Microsoft SharePoint servers. An authenticated attacker with Site Owner privileges can execute arbitrary code remotely on SharePoint servers. This means attackers could potentially take full control of affected systems, steal data, or launch further attacks within a network. It is a critical flaw already addressed by Microsoft in its May 2023 Patch Tuesday updates.

Why Such Urgency

CISA’s demand for an immediate patch reflects the potential for widespread damage if the vulnerability is not addressed. CISA has warned about two Microsoft SharePoint code injection vulnerabilities, CVE-2023-24955 and CVE-2023-29357 (a privilege escalation flaw in SharePoint Server), being exploited by malicious cyber actors, posing significant risks to federal enterprises. It is worth noting that CVE-2023-29357 was added to CISA’s KEV list in January 2024.

STAR Labs’ security researcher Nguyễn Tiến Giang (Janggggg) exploited both CVE-2023-24955 and CVE-2023-29357 in March 2023 at Pwn2Own Vancouver to achieve pre-authentication RCE on a patched device running SharePoint 2019, earning a $100,000 reward. Giang published a technical analysis and PoC exploit in December 2023 whereas in September 2023, a standalone PoC exploit for CVE-2023-29357 was published on GitHub.

Microsoft released patches in May and June 2023 to address both issues. However, it seems some organizations, including US federal agencies, have not yet applied the patch.

****What Should Users Do?****

This incident underscores the importance of timely patching for critical vulnerabilities and the potential impact of such vulnerabilities on government agencies.

Microsoft SharePoint Server users, particularly those in high-risk environments such as government agencies, are advised to patch their systems immediately, enable two-factor authentication, and keep software updated to minimize the risk of similar attacks.

****Expert Opinion****

Cybersecurity expert Ray Kelly from the Synopsys Software Integrity Group emphasizes the importance of patching and updating software regularly, especially for private and public-facing servers handling sensitive data.

“This CISA advisory highlights the importance of patching and updating your software regularly, especially for private and public-facing servers that handle sensitive data. These chained vulnerabilities are very serious because they allow attackers to circumvent authentication and execute code remotely on vulnerable servers,” Ray explained.

“However, it’s important to point out that security patches for these vulnerabilities have been available since last Summer. The fact that CISA is now warning us about active exploitation indicates that many organizations have failed to apply the necessary security updates promptly. Malicious actors will always look for the easy targets and an unpatched server will always be easing pickings for them,” he added.

  1. CISA and Fortinet Warns of New FortiOS Zero-Day Flaws
  2. CISA Warns of Exploited Vulnerabilities in Chrome Browser
  3. CISA Advisories Highlight Vulnerabilities in Top ICS Products
  4. CISA Publishes List of Free Cybersecurity Tools and Services
  5. CISA Warns of Flaws in Propump , Controls’ Osprey Pump Controller

Related news

Sharepoint Dynamic Proxy Generator Remote Command Execution

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled...

Sharepoint Dynamic Proxy Generator Remote Command Execution

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled...

November 2023 – January 2024: New Vulristics Features, 3 Months of Microsoft Patch Tuesdays and Linux Patch Wednesdays, Year 2023 in Review

Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Microsoft Fixes 69 Bugs, but None Are Zero-Days

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

Microsoft fixes six critical vulnerabilities in June Patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: patch Tuesday Tags: CVE-2023-29357 Tags: CVE-2023-29363 Tags: CVE-2023-32014 Tags: CVE-2023-32015 Tags: CVE-2023-32013 Tags: CVE-2023-24897 Tags: CVE-2023-32031 Tags: SharePoint Tags: PGM Tags: Exchange Tags: Hyper-V Patch Tuesday of June 2023 is relatively relaxed. No actively exploited zero-days and only six critical vulnerabilities. (Read more...) The post Microsoft fixes six critical vulnerabilities in June Patch Tuesday appeared first on Malwarebytes Labs.

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Microsoft Patch Tuesday, June 2023 Edition

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.

Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP, NFS RCE, PGM RCE, LDAP RCE, SharePoint RCE

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a […]

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years

One of the vulnerabilities is being actively exploited in the wild, according to Microsoft, the fourth month in a row in which this is the case.

CVE-2023-24955: Microsoft SharePoint Server Remote Code Execution Vulnerability

**How could an attacker exploit the vulnerability?** In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server.