The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code.
“In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server,” Microsoft explained in an advisory. The flaw was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.
The development comes more than two months after CISA added CVE-2023-29357, a privilege escalation flaw in SharePoint Server, to its KEV catalog.
It's worth pointing out that an exploit chain combining CVE-2023-29357 and CVE-2023-24955 was demonstrated by StarLabs SG at the Pwn2Own Vancouver hacking contest last year, earning the researchers a $100,000 prize.
That said, there is currently no information on the attacks weaponizing these two vulnerabilities or on the threat actors that may be exploiting them.
Microsoft previously told The Hacker News that “customers who have enabled automatic updates and enable ‘Receive updates for other Microsoft products’ option within their Windows Update settings are currently protected.”
Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by April 16, 2024, to secure their networks against active threats.
Some parts of this article are sourced from:
thehackernews.com