RCE Vulnerabilities in Microsoft SharePoint Server: PoC Exploit Code Published
Security researcher Janggggg has disclosed proof-of-concept (PoC) exploit code for three vulnerabilities (CVE-2024-38023, CVE-2024-38024, CVE-2024-38094) in Microsoft SharePoint Server. Although the researcher has not disclosed detailed technical information, the available PoC code is sufficient to demonstrate the potential risks associated with these vulnerabilities. These vulnerabilities, all classified as Remote Code Execution (RCE) flaws, could enable an attacker with elevated privileges to gain unauthorized control over affected systems.
The vulnerabilities stem from improper handling of deserialization of file parameters during file uploads and subsequent API requests. A threat actor with Site Owner permissions or higher could exploit these flaws to execute arbitrary code within the context of the SharePoint Server, potentially leading to data breaches, service disruptions, or complete system compromise.
PoC exploit code for these vulnerabilities (CVE-2024-38023, CVE-2024-38024, CVE-2024-38094) is now publicly available on GitHub, significantly lowering the barrier for potential attackers. Its publication highlights the critical need for organizations using Microsoft SharePoint Server to apply the latest security patches immediately. Failure to do so leaves systems vulnerable to attacks that could compromise sensitive data and disrupt operations.
Microsoft addressed these vulnerabilities in its July Patch Tuesday release. Organizations utilizing Microsoft SharePoint Server are strongly urged to apply these security updates immediately. Restricting elevated privileges and implementing robust monitoring of file uploads and API activity can serve as additional layers of protection.