On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added a privilege escalation vulnerability affecting Microsoft SharePoint servers to its Known Exploited Vulnerabilities (KEV) catalog.
SharePoint is a popular, cloud-based document management and storage system, which companies also use in various ways to implement internal applications and business processes, and to share resources over an intranet. As recently as 2020, it had more than 200 million active monthly users.
The latest addition to KEV, CVE-2023-29357, is a "critical" 9.8 out of 10 vulnerability on the CVSS scale, affecting SharePoint Server 2016 and 2019. With no user interaction required, it allows an attacker to bypass authentication checks and gain administrative access to a server using spoofed JSON Web Token (JWT) authentication tokens.
Researchers first demonstrated CVE-2023-29357 in action at the March 2023 Pwn2Own event, combining it with a second SharePoint vulnerability to create a successful exploit chain, and winning $100,000 in the process. Another independent researcher developed a proof-of-concept (PoC) exploit in September.
Microsoft issued a patch back in June. However, it is still being actively exploited, according to CISA's new alert. In a Mastodon post on Thursday, security researcher Kevin Beaumont offered a bit of additional context, writing that "I'm aware of one ransomware group that finally has a working exploit for this."
For organizations still in the firing line, the June patch can be found here.