Article Details
Scrape Timestamp (UTC): 2024-01-12 06:36:53.923
Source: https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html
Original Article Text
Click to Toggle View
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability . The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain administrator privileges. Microsoft released patches for the bug as part of its June 2023 Patch Tuesday updates. "An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user," Redmond said. "The attacker needs no privileges nor does the user need to perform any action." Security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG demonstrated an exploit for the flaw at the Pwn2Own Vancouver hacking contest, earning a $100,000 prize. The pre-authenticated remote code execution chain combines authentication bypass (CVE-2023–29357) with a code injection bug (CVE-2023-24955, CVSS score: 7.2), the latter of which was patched by Microsoft in May 2023. "The process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain," Tiến Giang noted in a technical report published in September 2023. Additional specifics of the real-world exploitation of CVE-2023–29357 and the identity of the threat actors that may be abusing them are presently unknown. That said, federal agencies are recommended to apply the patches by January 31, 2024, to secure against the active threat. The Ultimate Enterprise Browser Checklist Download a Concrete and Actionable Checklist for Finding a Browser Security Platform. Master Cloud Security - Get FREE eBook Comprehensive eBook covering cloud security across infrastructure, containers, and runtime environments for security professionals
Daily Brief Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a critical vulnerability in Microsoft SharePoint Server, identified as CVE-2023-29357.
This significant privilege escalation flaw, with a CVSS score of 9.8, could enable attackers to obtain administrator privileges.
Patches for the vulnerability were released by Microsoft in its June 2023 Patch Tuesday updates.
Security researcher Nguyễn Tiến Giang of StarLabs SG showcased an exploit utilizing this SharePoint flaw combined with another vulnerability to achieve a remote execution attack chain during the Pwn2Own contest.
Crafting the exploit chain required nearly a year of research and has earned the researcher a $100,000 prize.
The specific details surrounding the real-world exploitations and the identities of the actors leveraging CVE-2023-29357 remain undisclosed.
CISA has urged federal agencies to apply the necessary patches by January 31, 2024, to mitigate the threat posed by the actively exploited vulnerability.