Based on evidence of active exploitation in the open, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog.

Critical remote code execution (CVSS score: 7.2): the identified defect permits arbitrary code execution by an authenticated attacker possessing Site Owner privileges. The vulnerability is designated as CVE-2023-24955.

Google Provides Chrome Users with Enhanced Real-Time URL Protection

“In a network-based attack, an authenticated attacker as a site owner could execute code remotely on the SharePoint Server,” Microsoft indicated in a security advisory. Microsoft patched the vulnerability as an inclusion in its Patch Tuesday updates for May 2023, Microsoft patched the vulnerability.

The development occurs over two months subsequent to the inclusion of CVE-2023-29357, a SharePoint Server privilege escalation vulnerability, in CISA’s KEV catalog.

Notably, StarLabs SG won $100,000 for their exploit chain, which included CVE-2023-29357 and CVE-2023-24955, at the Pwn2Own Vancouver hacking competition last year.

However, information regarding the threat entities that may be exploiting these two vulnerabilities or the attacks that are weaponizing them is currently unavailable.

Pro-Palestinian hackers assert that Viber was compromised.

In a previous statement to The Hacker News, Microsoft stated that “customers are already protected if they have enabled automatic updates and the ‘Receive updates for other Microsoft products’ option within their Windows Update settings.”

By April 16, 2024, agencies under the Federal Civilian Executive Branch (FCEB) must implement the necessary adjustments to protect their networks against active threats.

source