Home/News/CISA: SharePoint RCE Flaw Actively Exploited
BleepingComputer3 min read

CISA: SharePoint RCE Flaw Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Wednesday that attackers have begun actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft SharePoint. This flaw, identified as CVE-2023-29357, was patched by Microsoft in its May security updates. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply the necessary patches by June 7, 2023, to mitigate potential risks. The agency did not disclose specific details regarding the nature of the exploitation or the threat actors involved, but emphasized the urgency for all organizations to implement the available security measures.

The vulnerability allows unauthenticated attackers to execute arbitrary code on a vulnerable SharePoint server. This could lead to a complete compromise of the affected system, enabling attackers to steal sensitive data, disrupt services, or use the compromised server as a pivot point for further network intrusions. Microsoft's advisory for CVE-2023-29357 indicates that the vulnerability is present in SharePoint Server Subscription Edition, SharePoint Server 2019, SharePoint Server 2016, and SharePoint Foundation 2013.

CISA's inclusion of CVE-2023-29357 in the KEV catalog signifies a heightened threat level, as it indicates that the vulnerability is not just theoretical but is actively being leveraged in real-world attacks. The catalog requires federal civilian executive branch agencies to implement specific security measures by a set deadline to protect their networks. While the mandate applies to federal agencies, CISA strongly urges all organizations, including private sector entities, to prioritize patching this vulnerability to prevent potential breaches.

This active exploitation underscores the ongoing challenges in securing widely used enterprise software. Organizations that have not yet applied Microsoft's May security updates for SharePoint are at significant risk. CISA's directive serves as a critical alert, highlighting the immediate need for diligent vulnerability management and timely patching to defend against sophisticated cyber threats.

Original source — read the full reporting at the publisher:

Read on BleepingComputer

Read next