Microsoft SharePoint RCE flaw exploited in the wild – you've had 3 months to patch

Plus, a POC to make it extra easy for attackers


A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

CISA added the deserialization vulnerability, tracked as CVE-2024-38094, to its Known Exploited Vulnerabilities Catalog and noted that it's "unknown" whether this security flaw is being used in any ransomware campaigns.

Microsoft originally patched the hole during its July Patch Tuesday extravaganza, and while it wasn't listed as exploited or publicly known at the time, Redmond did note that exploitation was "more likely."

"An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," according to the July 9 security update. Microsoft deemed the bug "important," and it earned a 7.2 out of 10 CVSS severity rating. 

The Windows giant did not immediately respond to The Register's questions, including the scope of the exploitation, who is abusing the flaw, and for what nefarious purposes.

Plus there's at least one proof-of-concept (POC) exploit out there, so the risk of miscreants finding and abusing this bug is even greater — and now they don't even need to write the code themselves.

Now that it's been added to Uncle Sam's KEV, all Federal Civilian Executive Branch agencies must apply the Microsoft fix no later than November 12. Although this mandate only applies to FCEB agencies, "CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation" of CVEs listed in the catalog.

We second this recommendation, and would suggest patching as soon as possible.

Microsoft also addressed two critical SharePoint Server flaws, CVE-2024-38018 and CVE-2024-43464, in its September Patch Tuesday event. If exploited, these could allow attackers with Site Member and Site Owner permissions to execute code remotely.  ®
