Microsoft SharePoint has a worrying security flaw, experts warn

A digital representation of a lock
(Image credit: Altalex)

The US Cybersecurity and Infrastructure Agency (CISA) is warning admins that a Microsoft SharePoint Server flaw is now being actively exploited in the wild.

In a new addition to its Known Exploited Vulnerabilities (KEV) catalog, CISA says CVE-2023-29357 is being used to gain elevated privileges. 

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," it noted.

Remote access tools under assault

Microsoft described the vulnerability as a privilege escalation flaw and patched it with the June 2023 Patch Tuesday cumulative update.

"An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user," Microsoft said. "The attacker needs no privileges nor does the user need to perform any action."

As per TheHackerNews, security researcher Nguyễn Tiến Giang (Jang) of StarLabs SG showed the vulnerability in action at the Pwn2Own Vancouver hacking contest and earned $100,000 in prize money. He chained the flaw with CVE-2023-24955 (patched in May this year), and gained remote code execution capabilities on an infected endpoint.

The latter had a severity score of 7.2.

"The process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain," the researcher said in a report published in September last year.

CISA did not share more details in its alert, so we don’t know who the threat actors are, or who they’re targeting, other than the fact that the victims could be Federal organizations. “CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice,” the organization concluded. 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.