CyberSecurityBoard
Sponsor Register Login

CISA Urges Patching of Exploited SharePoint Server Vulnerability

The US cybersecurity agency CISA on Wednesday issued a warning on threat actors exploiting a critical Microsoft SharePoint Server vulnerability in the wild.
The security defect, tracked as CVE-2023-29357 and patched on June 2023 Patch Tuesday, is described as an elevation of privilege flaw that allows unauthenticated attackers to gain administrator privileges.
An attacker can exploit the bug by sending a spoofed JSON Web Token authentication token to a vulnerable SharePoint server.
According to Microsoft, no user interaction is required for successful exploitation.
Microsoft credited Nguyễn Tiến Giang of StarLabs SG for identifying the vulnerability.
The researcher had demonstrated the issue at ZDI's Pwn2Own hacking contest in Vancouver, in March 2023, earning a $100,000 prize for his discovery.
In September 2023, the researcher published a technical writeup of the flaw and its use in a two-bug exploit chain to achieve pre-authentication remote code execution on the SharePoint server, along with proof-of-concept code demonstrating the attack.
The second vulnerability exploited in the attack had been patched in May 2023.
This week, more than three months after the PoC publication, CISA has added CVE-2023-29357 to its Known Exploited Vulnerabilities catalog, sending a clear message that threat actors are actively exploiting it in attacks targeting SharePoint servers.
While CISA does not provide specific information on the observed exploitation, the agency told SecurityWeek in the past that it only adds security defects to the KEV list based on solid evidence of active exploitation.
Microsoft has yet to update its advisory to confirm that the vulnerability has been exploited.
The flaw does have an 'exploitation more likely' classification in the tech giant's advisory.
Now that CVE-2023-29357 has been added to KEV, federal agencies have 21 days to identify vulnerable SharePoint instances within their environments and apply the available patches, as mandated by the Binding Operational Directive 22-01.
BOD 22-01 only applies to federal agencies but CISA advises all organizations to review the entries in the KEV catalog and to apply patches as soon as possible, or discontinue vulnerable products if patches are not available.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 11 Jan 2024 13:13:06 +0000


Cyber News related to CISA Urges Patching of Exploited SharePoint Server Vulnerability

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
2 weeks ago Krebsonsecurity.com CVE-2025-53770
SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
2 weeks ago Cybersecuritynews.com
Debunking Myths About Linux Kernel Patching - As the kernel evolves to meet the demands of modern computing, patching becomes essential to keep it secure. There are some myths and misconceptions about Linux kernel patching that often discourage users from carrying out this crucial task. In this ...
1 year ago Securityboulevard.com
CISA Warns of Microsoft SharePoint server 0-Day RCE Vulnerability Exploited in Wild - CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
CISA Urges Patching of Exploited SharePoint Server Vulnerability - The US cybersecurity agency CISA on Wednesday issued a warning on threat actors exploiting a critical Microsoft SharePoint Server vulnerability in the wild. The security defect, tracked as CVE-2023-29357 and patched on June 2023 Patch Tuesday, is ...
1 year ago Securityweek.com CVE-2023-29357
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
10 months ago Therecord.media
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available - The Microsoft SharePoint zero-day attacks were first identified by Dutch cybersecurity firm Eye Security, which told BleepingComputer that over 75 companies have already been compromised by the attacks. In May, Viettel Cyber Security researchers ...
2 weeks ago Bleepingcomputer.com CVE-2025-49706
Microsoft Releases Mitigations and Threat Hunting Queries for SharePoint Zero-Day - Thousands of organizations worldwide face active cyberattacks targeting Microsoft SharePoint servers through two critical vulnerabilities, prompting urgent government warnings and emergency patches. Microsoft released emergency security updates on ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 Akira
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
1 year ago Securityweek.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild - The vulnerabilities, designated as CVE-2025-49704 and CVE-2025-49706, pose significant risks to organizations running on-premises SharePoint servers and have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog with an immediate ...
2 weeks ago Cybersecuritynews.com CVE-2025-49704
Critical SharePoint RCE Vulnerability Exploited Using Malicious XML Payload Within Web Part - The vulnerability highlights the critical importance of secure deserialization practices in enterprise applications and the need for comprehensive security reviews of complex application frameworks like SharePoint. According to the Viettel Security ...
3 weeks ago Cybersecuritynews.com
New SharePoint flaws help hackers evade detection when stealing files - Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. Microsoft SharePoint is a web-based collaborative platform that integrates with ...
1 year ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Chinese Hackers Actively Exploiting SharePoint Servers 0-Day Vulnerability in the Wild - The tech giant’s Security Response Center reported coordinated attacks targeting internet-facing SharePoint installations using newly disclosed vulnerabilities that enable authentication bypass and remote code execution. Microsoft has released ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
Microsoft Released an Emergency Security Update to Patch a Critical SharePoint 0-Day Vulnerability - Microsoft has issued an urgent security advisory addressing critical zero-day vulnerabilities in on-premises SharePoint Server that attackers are actively exploiting. Microsoft Defender for Endpoint generates specific alerts, including ...
2 weeks ago Cybersecuritynews.com CVE-2025-53770
CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities - The US cybersecurity agency CISA on Tuesday added four bugs impacting multiple Qualcomm chipsets to its Known Exploited Vulnerabilities Catalog. All four issues were identified by Google's Threat Analysis Group and Google Project Zero, which often ...
1 year ago Securityweek.com CVE-2023-33106 CVE-2023-33107 CVE-2023-33063 CVE-2022-22071 CVE-2023-42916 CVE-2023-42917
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)