By Interestana AI Editorial — AI-drafted, human-overseen. How we report
CISA Warns of Exploited SharePoint Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Tuesday, March 12, 2024, detailing that malicious actors are actively exploiting three vulnerabilities in Internet-exposed, on-premises SharePoint Server instances. These vulnerabilities, identified as CVE-2023-29357, CVE-2023-29363, and CVE-2024-21475, pose significant risks to organizations utilizing this collaboration platform.
CISA has added these three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal civilian executive branch agencies to apply patches by April 2, 2024. While the directive specifically targets federal agencies, CISA strongly urges all organizations using SharePoint Server to prioritize patching these flaws to mitigate potential compromise. The agency has not disclosed specific details regarding the nature of the exploits or the extent of their deployment, but the inclusion in the KEV catalog signifies active exploitation in the wild.
Microsoft has released security updates to address these vulnerabilities. Organizations are advised to consult Microsoft's official security advisories for detailed information on the patches and recommended mitigation strategies. The exploitation of these SharePoint flaws highlights the ongoing threat landscape for widely used enterprise software and the critical importance of timely vulnerability management and patching to maintain a strong security posture.
Original source — read the full reporting at the publisher:
Read on BleepingComputerGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.