Critical Microsoft SharePoint Server Flaw (CVE-2023-24955) Actively Exploited! CISA Urges Patch by April 16th. Learn why patching is crucial and how to secure your servers.
The Cybersecurity and Infrastructure Security Agency (CISA) is urging all US federal civilian agencies to patch a critical vulnerability (tracked as CVE-2023-24955) in the Microsoft SharePoint Server by April 16, 2024.
CISA has added CVE-2023-24955 to its Known Exploited Vulnerabilities (KEV) catalogue after confirming its active exploitation in the wild.
For your information, CISA’s KEV catalog is designed for US Federal Civilian Executive Branch (FCEB) agencies, but any organization, including private ones, can use it to prioritize its vulnerability management efforts.
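Using the KEV catalog outside the FCEB mostly means matching its entries against what you actually run and watching the remediation deadlines. The script below is an added example, not part of the original article: it reads a constructed excerpt that mirrors the shape of CISA’s public KEV JSON feed (`vulnerabilities` list with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`), filters it against a small asset inventory, and classifies each match as overdue, due soon or on track relative to a given date. Only the April 16, 2024 due date for CVE-2023-24955 comes from the article; the other dates and the third entry are placeholders.

```python
"""Triage CISA KEV entries against a local asset inventory by remediation deadline."""
import json
from datetime import date

# Constructed sample in the layout of the public KEV JSON feed.
# The dueDate of CVE-2023-24955 is the one given in the article; every other
# value below is a placeholder chosen for illustration.
KEV_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2023-24955", "vendorProject": "Microsoft", "product": "SharePoint Server",
     "dateAdded": "2024-03-26", "dueDate": "2024-04-16"},
    {"cveID": "CVE-2023-29357", "vendorProject": "Microsoft", "product": "SharePoint Server",
     "dateAdded": "2024-01-10", "dueDate": "2024-01-31"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "dateAdded": "2024-03-01", "dueDate": "2024-03-22"}
  ]
}"""

# Hypothetical inventory: (vendor, product) pairs present in our estate.
INVENTORY = {("Microsoft", "SharePoint Server")}


def parse_kev(text):
    """Return the KEV entries; the feed wraps them in a top-level 'vulnerabilities' list."""
    return json.loads(text)["vulnerabilities"]


def triage(entries, inventory, today_iso, soon_days=7):
    """Keep only entries for products we run and classify each by its due date.

    Returns a list sorted by urgency (most negative days_left first)."""
    wanted = {(v.lower(), p.lower()) for v, p in inventory}
    today = date.fromisoformat(today_iso)
    results = []
    for e in entries:
        if (e["vendorProject"].lower(), e["product"].lower()) not in wanted:
            continue  # not in our estate; nothing to track
        days_left = (date.fromisoformat(e["dueDate"]) - today).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= soon_days:
            status = "due_soon"
        else:
            status = "on_track"
        results.append({"cveID": e["cveID"], "dueDate": e["dueDate"],
                        "days_left": days_left, "status": status})
    results.sort(key=lambda r: r["days_left"])
    return results


if __name__ == "__main__":
    for row in triage(parse_kev(KEV_JSON), INVENTORY, "2024-04-01"):
        print(f'{row["cveID"]:16} due {row["dueDate"]}  {row["days_left"]:4d} days  {row["status"]}')
```

Feeding it the live feed instead of the constructed string only requires downloading the JSON and replacing `KEV_JSON`; the `dueDate` field is what turns the catalog into a prioritised work list.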
Vulnerability Details
CVE-2023-24955 (CVSS score 7.2) is a code injection vulnerability allowing remote code execution (RCE) on vulnerable Microsoft SharePoint servers. An authenticated attacker with Site Owner privileges can execute arbitrary code remotely on SharePoint servers. This means attackers could potentially take full control of affected systems, steal data, or launch further attacks within a network. It is a critical flaw already addressed by Microsoft in its May 2023 Patch Tuesday updates.
Why Such Urgency
CISA’s demand for an immediate patch reflects the potential for widespread damage if the vulnerability is not addressed. CISA has warned about two Microsoft SharePoint vulnerabilities, CVE-2023-24955 (the code injection flaw) and CVE-2023-29357 (a privilege escalation flaw in SharePoint Server), being exploited by malicious cyber actors and posing significant risks to federal enterprises. It is worth noting that CVE-2023-29357 was added to CISA’s KEV list in January 2024.
STAR Labs’ security researcher Nguyễn Tiến Giang (Janggggg) chained CVE-2023-24955 and CVE-2023-29357 in March 2023 at Pwn2Own Vancouver to achieve pre-authentication RCE on a patched device running SharePoint 2019, earning a $100,000 reward. Giang published a technical analysis and PoC exploit in December 2023; earlier, in September 2023, a standalone PoC exploit for CVE-2023-29357 had been published on GitHub.
Microsoft released patches in May and June 2023 to address both issues. However, it seems some organizations, including US federal agencies, have not yet applied the patch.
What Should Users Do?
This incident underscores the importance of timely patching for critical vulnerabilities and the potential impact of such vulnerabilities on government agencies.
Microsoft SharePoint Server users, particularly those in high-risk environments such as government agencies, are advised to patch their systems immediately, enable two-factor authentication, and keep software updated to minimize the risk of similar attacks.
Expert Opinion
Cybersecurity expert Ray Kelly from the Synopsys Software Integrity Group emphasizes the importance of patching and updating software regularly, especially for private and public-facing servers handling sensitive data.
“This CISA advisory highlights the importance of patching and updating your software regularly, especially for private and public-facing servers that handle sensitive data. These chained vulnerabilities are very serious because they allow attackers to circumvent authentication and execute code remotely on vulnerable servers,” Ray explained.
“However, it’s important to point out that security patches for these vulnerabilities have been available since last Summer. The fact that CISA is now warning us about active exploitation indicates that many organizations have failed to apply the necessary security updates promptly. Malicious actors will always look for the easy targets and an unpatched server will always be easy pickings for them,” he added.