.webp)
The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its known exploited vulnerability catalog, CVE-2023-29357, that has a CVSS score of 9.8 CRITICAL and is an Escalation of Privilege vulnerability that affects Microsoft SharePoint Server. For CISA to add vulnerabilities to its Known Exploited Vulnerabilities catalog, three key criteria must be met. First, the vulnerability must have a CVE ID, second, reliable evidence that the vulnerability has been actively exploited in the wild exists, and third, clear remediation action for the vulnerability is available. When a vulnerability is added to this list, it should be patched with urgency and in a particular way.
This vulnerability, which impacts Microsoft SharePoint Server 2019, allows a network-based attacker to perform high impact Confidentiality, Integrity, and Availability exploits in a low complexity manner, without user interaction or privileges. According to Microsoft, an attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack that bypasses authentication measures and is able to gain access to the privileges of an authenticated user and even potentially gaining administrator privileges.
Reviewing your software inventory for instances of Microsoft SharePoint Server 2019. If you have instances of this software, check for installations of KB5002402 and KB5002403. If these installations do not exist you are vulnerable and should patch as soon as possible.
To remediate this vulnerability it is essential to install both KB5002402 and KB5002403 using one of three methods:
Customers who have enabled the AMSI integration feature and use Microsoft Defender across their SharePoint Server farm(s) are protected from this vulnerability.
Exploitation of this vulnerability is likely due to evidence of active exploitation and the level and ease of access this vulnerability grants to the attacker. If exploited it can allow the attacker to obtain administrator privileges which will grant the attack the ability to whatever they wish on the targeted system which could allow them to laterally move through the environment and infect systems with malware. Monetary, reputational, and data loss will likely result from exploitation.
Patch: We recommend following vendor instructions and patching as soon as possible. Few vulnerabilities are added to the CISA Exploited Vulnerabilities list, Those that are should be taken seriously and remediated quickly.
https://nvd.nist.gov/vuln/detail/CVE-2023-29357
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357
In May of 2024, a national association for amateur radio was hit by a severe ransomware attack that encrypted multiple internal systems, including desktops, laptops, and both Windows and Linux servers. The attack was coordinated by organized criminals and enabled by information purchased on the dark web. Learn how their response can help your organization avoid becoming a casualty of the ransomware trend.
Hospitals and healthcare providers have increasingly become targets of cyberattacks, which pose significant risks to patient care and safety. This document examines the various ways in which cyberattacks can disrupt hospital operations, compromise patient data security, and ultimately affect the quality of patient care. It also explores strategies and best practices that hospitals can implement to mitigate these risks and enhance their cybersecurity posture.
Ethical hacking has become an essential response to an IT industry kept on its toes by a spectrum of bad actors with malicious intent. This article introduces two prominent methodologies that help the good guys fight back: penetration testing (pen-testing) and red teaming. Learn more here.
Host Geoff Hancock was joined by guests Mike Rush, Director of Threat Intelligence at Access Point Consulting; and Evie Manning, Senior Director of Threat Hunting and Intelligence at Access Point Consulting. Together, they talked about cyber threat intelligence and the applications that can make it work for small and medium-sized businesses.
