
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch

Plus, a POC to make it extra easy for attackers


A Microsoft SharePoint bug that lets an authenticated attacker remotely inject and execute code on vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

CISA added the deserialization vulnerability, tracked as CVE-2024-38094, to its Known Exploited Vulnerabilities Catalog and noted that it's "unknown" whether this security flaw is being used in any ransomware campaigns.

Microsoft originally patched the hole during its July Patch Tuesday extravaganza, and while it wasn't listed as exploited or publicly known at the time, Redmond did note that exploitation was "more likely."

"An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," according to the July 9 security update. Microsoft deemed the bug "important," and it earned a 7.2 out of 10 CVSS severity rating. 

The Windows giant did not immediately respond to The Register's questions about the scope of the exploitation, who is abusing the flaw, and to what end.

Plus there's at least one proof-of-concept (POC) exploit out there, so the risk of miscreants finding and abusing this bug is even greater — and now they don't even need to write the code themselves.

Now that it's been added to Uncle Sam's KEV, all Federal Civilian Executive Branch agencies must apply the Microsoft fix no later than November 12. Although this mandate only applies to FCEB agencies, "CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation" of CVEs listed in the catalog.

We second this recommendation, and would suggest patching as soon as possible.
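Two things matter when triaging this bug on a farm you run: whether the July update (or later) is actually installed, and which accounts hold the Site Owner rights the exploit needs. The following PowerShell is an added example for this article, not code from The Register, Microsoft or CISA. It assumes you run it in an elevated SharePoint Management Shell on a farm server, and that you supply the minimum patched farm build number for your SharePoint version yourself, taken from the security update's KB article; the script does not hardcode one.

```powershell
# Added example (not from the article, Microsoft or CISA): triage a SharePoint
# Server farm for CVE-2024-38094 exposure. Run in an elevated SharePoint
# Management Shell on a farm server.
#
# Assumption: $MinimumPatchedBuild is the farm build number produced by the
# July 2024 security update (or a later one) for YOUR SharePoint version. Take
# it from Microsoft's KB for that update; it is deliberately not hardcoded here.
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumPatchedBuild
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Patch state: compare the farm build against the supplied fixed build.
#    Note that this is a farm-level number; an update that was installed but
#    never finished via the Configuration Wizard will not have raised it.
$farmBuild = (Get-SPFarm).BuildVersion
$isPatched = $farmBuild -ge $MinimumPatchedBuild
Write-Output ("Farm build {0}; minimum patched build {1}; patched: {2}" -f
    $farmBuild, $MinimumPatchedBuild, $isPatched)

# 2. Exposure: the advisory says an authenticated attacker with Site Owner
#    permissions is needed. Enumerate the default Owners group of every site
#    collection so you know which accounts turn into code execution on an
#    unpatched farm. Caveat: this lists only the associated Owners group;
#    principals granted Full Control directly or via other groups are not shown.
$owners = foreach ($site in Get-SPSite -Limit All) {
    try {
        $group = $site.RootWeb.AssociatedOwnerGroup
        if ($null -ne $group) {
            foreach ($user in $group.Users) {
                [pscustomobject]@{
                    SiteUrl       = $site.Url
                    OwnerGroup    = $group.Name
                    Principal     = $user.LoginName
                    IsDomainGroup = $user.IsDomainGroup   # membership not visible here
                }
            }
        }
    }
    finally {
        $site.Dispose()   # SPSite objects hold unmanaged resources
    }
}

if (-not $isPatched) {
    Write-Warning ("Farm is below the patched build; {0} Site Owner entries across {1} site collections can reach CVE-2024-38094." -f
        $owners.Count, ($owners.SiteUrl | Sort-Object -Unique).Count)
}

# Domain groups deserve a second look: one nested AD group can silently hand
# Site Owner rights to far more accounts than the list suggests.
$owners | Sort-Object SiteUrl, Principal | Format-Table -AutoSize
$owners | Where-Object IsDomainGroup |
    Select-Object -ExpandProperty Principal -Unique |
    ForEach-Object { Write-Output "Domain group with Site Owner rights: $_" }
```

Run it once before and once after patching: the build comparison confirms the fix landed, and the owner list is what you feed to whoever reviews privileged SharePoint membership, since every entry on it is a path to server-side code execution until the farm is updated.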

Microsoft also addressed two critical SharePoint Server flaws, CVE-2024-38018 and CVE-2024-43464, in its September Patch Tuesday event. If exploited, these could allow authenticated attackers with Site Member and Site Owner permissions, respectively, to execute code remotely.  ®
