CISA Warns of Active CVE-2023-24955 Exploitation in Microsoft SharePoint Server

The Cybersecurity and Infrastructure Security Agency (CISA) has warned that a vulnerability in Microsoft SharePoint Server, CVE-2023-24955, is being exploited in active attacks. The flaw has now been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, which both confirms in-the-wild exploitation and, under Binding Operational Directive 22-01, obliges federal civilian agencies to remediate it on a fixed deadline.

CVE-2023-24955 is a remote code execution vulnerability. Exploiting it requires authentication: Microsoft's advisory describes a network-based attack in which an authenticated attacker holding Site Owner privileges executes arbitrary code on the SharePoint Server. A successful attack gives the attacker control of the server and of the data it hosts, and a foothold from which to disrupt dependent systems.

Microsoft rates this vulnerability as "Critical", its highest severity classification, even though the CVSS v3.1 base score is a more moderate 7.2. The two measures answer different questions: the CVSS score is lowered by the authentication requirement, while Microsoft's rating reflects the impact of code execution once that requirement is met.

Microsoft released a patch for this vulnerability in its May 2023 security updates, covering SharePoint Server 2019, SharePoint Server Subscription Edition and SharePoint Enterprise Server 2016. That it is now being exploited in the wild, roughly ten months later, indicates that many organizations have still not applied the update.

Image: zerodayinitiative

Security researchers have demonstrated that CVE-2023-24955 can be chained with another SharePoint vulnerability, CVE-2023-29357, an elevation-of-privilege flaw (CVSS 9.8) in which an attacker presenting spoofed JWT authentication tokens bypasses authentication and obtains the privileges of an authenticated user. Chaining the two removes the authentication requirement of CVE-2023-24955 and yields unauthenticated remote code execution. The chain was demonstrated by Nguyễn Tiến Giang of STAR Labs at Pwn2Own Vancouver 2023, and CVE-2023-29357 was itself added to the KEV catalog in January 2024, so an exposed SharePoint server missing both patches is exploitable without any credentials.

Under Binding Operational Directive 22-01, federal civilian executive branch agencies must remediate this flaw by April 16, 2024. Organizations outside that mandate should treat the same deadline as a reasonable target for their own patching.

If you run Microsoft SharePoint Server on-premises, apply the May 2023 security updates (or any later cumulative update) for both CVE-2023-24955 and CVE-2023-29357, then run the SharePoint Products Configuration Wizard (psconfig) on every server in the farm; installing the update binaries alone leaves the farm in a "needs upgrade" state. If the updates are being applied late, assume the server may already have been compromised and investigate before trusting it.
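The following PowerShell script is an added example (it is not from the original article or from Microsoft) that a SharePoint administrator can run on a farm server to confirm the farm build is at or above the patched build and that no server is still waiting for the configuration wizard. The minimum patched build number is not hard-coded because it differs per SharePoint edition; it is a mandatory parameter you look up in the KB article for the security update you installed.

```powershell
<#
Added example, not part of the original article and not Microsoft's code.
Checks two things on a SharePoint Server farm:
  1. the farm build version is at least the build published for the security update
     (the threshold is supplied by the caller; look it up in the update's KB article);
  2. every SharePoint server in the farm has had PSConfig run since the update,
     i.e. no server still reports NeedsUpgrade = True.
Run from the SharePoint Management Shell (or any elevated PowerShell) on a farm server.
#>
param(
    # Minimum expected farm build after patching, e.g. [version]'16.0.x.y' from the KB article.
    # Assumption: the caller supplies the correct value for their edition; nothing is guessed here.
    [Parameter(Mandatory = $true)]
    [version]$MinimumPatchedBuild
)

# Load the SharePoint cmdlets if the script is not already running in the Management Shell.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

# SPFarm.BuildVersion is the build recorded in the configuration database; it only
# advances once PSConfig has upgraded the farm, so it reflects applied patches, not
# merely downloaded ones.
$farm    = Get-SPFarm
$current = [version]$farm.BuildVersion

"Farm build version : $current"
"Minimum expected   : $MinimumPatchedBuild"

if ($current -lt $MinimumPatchedBuild) {
    Write-Warning "Farm build is below the expected patched build. Install the security update on every server, then run PSConfig."
    exit 1
}

# Servers with Role 'Invalid' are non-SharePoint hosts (for example the SQL server) and
# are skipped. NeedsUpgrade is True when binaries have been updated but PSConfig has not
# yet been run on that server.
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }
foreach ($s in $servers) {
    "{0,-30} Role={1,-20} NeedsUpgrade={2}" -f $s.Name, $s.Role, $s.NeedsUpgrade
}

$pending = @($servers | Where-Object { $_.NeedsUpgrade })
if ($pending.Count -gt 0) {
    Write-Warning ("PSConfig still needs to run on: " + (($pending | ForEach-Object { $_.Name }) -join ', '))
    exit 2
}

"Build check passed: farm is at or above $MinimumPatchedBuild and no server needs upgrade."
exit 0
```

Run it as `.\Check-SPPatchState.ps1 -MinimumPatchedBuild 16.0.x.y` with the build taken from the KB article for your edition. A non-zero exit code means either the update has not reached the configuration database (exit 1) or one or more servers still need PSConfig (exit 2); in both cases the fix described in the article is incomplete and the server should still be treated as vulnerable.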