CISA reports that a vulnerability in Microsoft SharePoint is currently being exploited, enabling attackers to remotely inject code into affected versions.
The US Cybersecurity and Infrastructure Security Agency (CISA) has included the deserialization vulnerability CVE-2024-38094 in its Known Exploited Vulnerabilities Catalog, stating that it's "unknown" if this flaw is being utilized in ransomware campaigns.
An authenticated attacker with Site Owner permissions could exploit this vulnerability to inject and execute arbitrary code within the SharePoint environment. The risk is further increased by the availability of proof-of-concept (PoC) code in the public domain, emphasizing the need for organizations to take prompt action.
Microsoft patched the issue in its July 2024 Patch Tuesday release. Although the flaw was not listed as exploited or publicly disclosed at the time, Microsoft rated it "Exploitation More Likely."
CISA adds a vulnerability to the Known Exploited Vulnerabilities (KEV) catalog only when it has evidence of active exploitation in the wild, so inclusion is itself a signal that the flaw poses a live threat to organizations.
In the case of CVE-2024-38094, a high-severity flaw, an authenticated user with Site Owner permissions can inject and execute arbitrary code on SharePoint Server, which can lead to data theft, ransomware deployment, and further privilege escalation inside the environment.
No public reports currently detail how CVE-2024-38094 is being exploited in the wild. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch (FCEB) agencies must apply the vendor patches by November 12, 2024, to protect their networks.
Organizations using affected versions of SharePoint must prioritize timely patching and implement security measures to address these threats.