In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert concerning the exploitation of a flaw in Microsoft SharePoint. Although detected in September 2023, active exploitation has only recently come to light. Thankfully, Microsoft provides updates to address the vulnerability.
Microsoft SharePoint vulnerability
A critical vulnerability (CVE-2023-24955, CVSS: 7.2) has been found in Microsoft SharePoint, affecting SharePoint Enterprise Server 2013, SharePoint Server 2016, and SharePoint Server 2019. Attackers can exploit this flaw via code injection by replacing a specific file (/BusinessDataMetadataCatalog/BDCMetadata.bdcm) on the server. Consequently, the injected code gets compiled into an assembly, allowing the execution of arbitrary code on the server.
A team of security researchers first discovered this vulnerability and promptly notified Microsoft. The vulnerability targets a flaw in the mechanism for handling specific web requests. Successful exploitation merely necessitates the attacker sending a tailored request to a SharePoint server. Notably, the attacker doesn’t require credentials or prior access to the victim’s network for the attack to succeed.
Remote code execution flaws are among the most severe, enabling attackers to execute their code across multiple systems. They serve as entry points and facilitate lateral movement. Given the prevalence of Microsoft solutions, this vulnerability is likely to be exploited alongside others within the Microsoft ecosystem.
OFFICIAL MICROSOFT PATCHES AND UPDATES
Surprisingly, the vulnerability was already patched before researchers discovered it during Patch Tuesday in May 2023. However, after its public disclosure, the company issued security advisories and updates for all supported versions, urging immediate patching. Official patches are accessible via Microsoft’s standard update channels and support site. Yet, given the flaw’s high CVSS score, prompt action should have been taken much earlier.
Meanwhile, most vulnerabilities remain unpatched until publicly disclosed. Safeguarding against them necessitates robust security solutions, especially those capable of detecting potential exploitation.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment