Source URL: https://www.theregister.com/2024/10/23/microsoft_sharepoint_rce_exploited/
Source: The Register
Title: Microsoft SharePoint RCE flaw exploits in the wild – you’ve had 3 months to patch
Feedly Summary: Plus, a POC to make it extra easy for attackers
A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).…
AI Summary and Description: Yes
Summary: The text discusses a critical security vulnerability in Microsoft SharePoint that allows code injection, categorized as CVE-2024-38094. CISA has included this vulnerability in its Known Exploited Vulnerabilities Catalog due to ongoing exploitation threats. This incident underlines the necessity for timely software patching to mitigate risks, particularly for federal agencies.
Detailed Description: The provided text highlights a significant vulnerability affecting Microsoft SharePoint, specifically identified as CVE-2024-38094. Below are the major points regarding this issue:
– **Vulnerability Overview**: The vulnerability allows an authenticated attacker with Site Owner permissions to inject arbitrary code and execute it within the context of the SharePoint Server. This presents a serious security risk as it can potentially lead to unauthorized access and control over the SharePoint environment.
– **Exploitation Status**: The US Cybersecurity and Infrastructure Security Agency (CISA) has monitored this vulnerability, indicating that it is currently under active exploitation. The risk is exacerbated by the presence of a proof-of-concept exploit that is publicly available, allowing attackers to execute the code without needing to create it themselves.
– **Security Assessment**: Microsoft has rated the vulnerability as ‘important’ with a CVSS severity score of 7.2 out of 10, emphasizing its potential impact. Although Microsoft initially patched this vulnerability in July, it did not flag it as being exploited at that time, suggesting there may have been a lack of awareness regarding its severity among users.
– **Compliance Mandate**: As this vulnerability has been included in CISA’s Known Exploited Vulnerabilities Catalog, it triggers mandatory patching requirements for all Federal Civilian Executive Branch (FCEB) agencies by November 12. CISA has strongly urged all organizations, not just federal agencies, to prioritize remediation of such vulnerabilities to mitigate the exposure to cyberattacks.
– **Further Context**: The article notes that there are additional critical flaws in SharePoint (CVE-2024-38018 and CVE-2024-43464) that were addressed in subsequent security updates, underscoring the ongoing risk faced by SharePoint installations and the necessity for organizations to stay updated with security patches.
Overall, this text serves as a critical reminder for security professionals to remain vigilant about patch management and to prioritize the prompt application of security updates to protect against exploitable vulnerabilities in their systems.