The US Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft Sharepoint Server to its catalog of Known Exploited Vulnerabilities (KEVs) based on evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-24955 (CVSS Score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with site owner privileges to execute arbitrary code.
“In a network-based attack, an attacker authenticated as the site owner could remotely execute code on the SharePoint server,” Microsoft said in an advisory. The flaw was fixed by Microsoft as part of the May 2023 Patch Tuesday updates.
The development comes more than two months after CISA added CVE-2023-29357, a privilege escalation flaw in SharePoint Server, to its KEV catalog.
It’s worth pointing out that an exploit chain combining CVE-2023-29357 and CVE-2023-24955 was demonstrated by StarLabs SG at the Pwn2Own Vancouver hacking competition last year, earning the researchers a $100,000 prize.
That said, there is currently no information on attacks that use these two vulnerabilities as weapons and on the threat actors who may be exploiting them.
Microsoft previously told The Hacker News that “customers who have automatic updates enabled and enable the ‘Receive updates for other Microsoft products’ option in Windows Update settings are already protected.”
Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by April 16, 2024, to protect their networks from active threats.