CISA Warns Recent Microsoft SharePoint RCE Flaw Exploited in Attacks

The US cybersecurity agency CISA on Tuesday warned that a recently patched remote code execution (RCE) vulnerability in Microsoft SharePoint Server has been exploited in the wild.

The issue, tracked as CVE-2024-38094 (CVSS score of 7.2) and addressed with the July 2024 Patch Tuesday updates, can be exploited over the network without user interaction, but requires authentication as a highly privileged user.

“An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server,” Microsoft explains in its advisory.

According to a Qualys assessment, the bug resembles CVE-2024-38024, which can be exploited using “specialized API requests to trigger deserialization of file’s parameters” and execute arbitrary code on the SharePoint server.

Two days after Microsoft rolled out the July 2024 security updates, SocRadar warned that proof-of-concept (PoC) code targeting both vulnerabilities and CVE-2024-38023, another RCE bug in SharePoint, had been released.

On Tuesday, CISA added CVE-2024-38094 to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to apply Microsoft’s fixes as soon as possible.

There do not appear to be any public reports describing the attacks exploiting CVE-2024-38094.

Per Binding Operational Directive (BOD) 22-01, federal agencies have until November 12 to identify vulnerable SharePoint instances within their environments and patch or remove them.

“Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice,” CISA notes.

Threat actors are known to have exploited SharePoint defects for which patches had been released. This year alone, CISA warned of the in-the-wild exploitation of three such flaws: one demonstrated at Pwn2Own, one patched in June 2023, and CVE-2024-38094.
