CISA Warns of Active Exploitation of Critical Microsoft SharePoint Vulnerability

January 12, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical security vulnerability affecting Microsoft SharePoint Server. The vulnerability, tracked as CVE-2023-29357, is a privilege escalation flaw that is being actively exploited and that an attacker can leverage to gain administrator privileges. Microsoft released patches for the bug as part of its June 2023 Patch Tuesday updates.

"An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user," according to Microsoft. The attacker does not need any privileges and the user is not required to perform any action for this to occur.

The exploit for this flaw was demonstrated by security researcher Nguyễn Tiến Giang of StarLabs SG at the Pwn2Own Vancouver hacking contest, where he received a $100,000 prize. The exploit chain used for the demonstration combined the authentication bypass (CVE-2023-29357) with a code injection bug (CVE-2023-24955). Microsoft patched the latter bug in May 2023.

In a technical report published in September 2023, Tiến Giang noted that the process of discovering and crafting the exploit chain took nearly a year of meticulous effort and research.

At present, details of the real-world exploitation of CVE-2023-29357 and the identity of the threat actors potentially abusing it are not known. However, federal agencies are advised to apply the patches by January 31, 2024, to protect against the active threat.
