Cyber Security News

Microsoft SharePoint Server Vulnerabilities Chained to Achieve Remote Code Execution

Two vulnerabilities have been reported in Microsoft SharePoint Server, CVE-2023-29357 and CVE-2023-24955, which threat actors can chain to achieve remote code execution (RCE) against the server.

These vulnerabilities were discovered as part of the Zero Day Initiative’s Pwn2Own contest conducted in March 2023. The STAR Labs team found them and was rewarded $100,000 for the finding.

Security researcher Nguyễn Tiến Giang has since published a GitHub repository containing the proof-of-concept (PoC) for the exploit chain, which could chain these two vulnerabilities to achieve remote command execution.

CVE-2023-29357 & CVE-2023-24955 – Technical Analysis

CVE-2023-29357 was a privilege escalation vulnerability in Microsoft SharePoint Server. Threat actors can exploit it by sending a spoofed JWT (JSON Web Token) authentication token to the server, which could elevate their privileges. This vulnerability had a severity of 9.8 (Critical).

CVE-2023-24955 was a Remote Command Execution vulnerability affecting the same Microsoft SharePoint Server and had a severity of 7.2 (High). Microsoft patched both of these vulnerabilities as part of their May and June security patches.
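
A defender-side check for the spoofed-JWT vector described for CVE-2023-29357, added here as an illustration and not taken from the article, the PoC or Microsoft: it inspects a captured `Authorization` header value and flags bearer tokens that carry no signature. The article does not say how the token is spoofed; treating it as unsigned (`alg` of `none` or an empty signature segment) is an assumption, as are the name `triage_bearer` and the constructed sample headers.

```python
import base64
import json


def _seg(obj):
    """Encode a dict as one unpadded base64url JWT segment (for samples)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _decode_seg(segment):
    """Decode one base64url JWT segment to a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def triage_bearer(authorization):
    """Return findings for one Authorization header value.

    An empty list only means the token is structurally signed; whether the
    signature is valid can be decided only by the server holding the key.
    """
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not token:
        return ["not-a-bearer-token"]
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed-jwt"]
    try:
        header = _decode_seg(parts[0])
        _decode_seg(parts[1])  # payload must at least be valid JSON
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["malformed-jwt"]
    if not isinstance(header, dict):
        return ["malformed-jwt"]
    findings = []
    if str(header.get("alg", "")).lower() in ("", "none"):
        findings.append("unsigned-alg")      # header declares no signature
    if not parts[2]:
        findings.append("empty-signature")   # third segment is missing
    return findings


# Constructed sample headers (not captured from any real system).
_PAYLOAD = _seg({"sub": "constructed-user"})
SAMPLES = {
    "unsigned": "Bearer " + _seg({"alg": "none"}) + "." + _PAYLOAD + ".",
    "signed": "Bearer " + _seg({"alg": "RS256"}) + "." + _PAYLOAD + ".c2ln",
    "basic": "Basic dXNlcjpwYXNz",
}
```

A non-empty result for a request to a SharePoint API endpoint is a reason to review that request and confirm the server's patch level.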

Exploit Chain

After conducting research for over a year, security researcher Jang combined the authentication bypass vulnerability with the code injection vulnerability, which resulted in an unauthenticated RCE on the Microsoft SharePoint Server. A proof-of-concept video demonstrating the attack and exploitation was also published.

Additionally, the security researchers made sure that the publicly available proof-of-concept does not achieve unauthenticated RCE, since threat actors could carry out various malicious activities with a publicly available exploit.

Users of Microsoft SharePoint Server are advised to patch these vulnerabilities by applying the Microsoft security patches, which are released on the second Tuesday of every month.

Eswar

Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy and APT threats.
