Threat Intelligence Blog

Black Arrow Admin

Black Arrow Cyber Advisory 28 September 2023 – Critical Exploits for On Premise Version of Microsoft SharePoint

Executive Summary

Researchers who discovered two critical vulnerabilities in Microsoft SharePoint Server have released details of an exploit that chains the two together to achieve remote code execution on affected servers. One of the vulnerabilities, for which a proof of concept was released this week, allows an attacker to gain administrator privileges from a non-privileged account. The other vulnerability allows the attacker to execute arbitrary code on SharePoint servers. Microsoft has issued patches that address these vulnerabilities in its monthly security updates for May and June.

Technical Summary

CVE-2023-29357 – This is a critical vulnerability which allows an attacker to use spoofed JWT authentication tokens to bypass authentication and gain the privileges of an authenticated user. The attacker does not need any privileges to exploit this vulnerability.

CVE-2023-24955 – This is a critical vulnerability which allows an attacker to execute arbitrary code on the vulnerable SharePoint servers.

What’s the risk to me or my business?

When chained together, the vulnerabilities allow an attacker to elevate to a privileged account and perform remote code execution. This gives an attacker the ability to distribute malicious files, links, and emails to users. This access allows the attacker to compromise the confidentiality, integrity, and availability of the data in your organisation.

The impacted on-premises products include the following:

  • SharePoint Server 2019

  • SharePoint Server 2016

  • SharePoint Server Subscription Edition

What can I do?

Microsoft has released patches for these vulnerabilities in its monthly security updates for May and June. Microsoft also advises that, if multiple updates are available, all of them should be applied to ensure that the product is secure.

More information on the SharePoint Server Remote Code Execution Vulnerability:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

More information on the SharePoint Server Elevation of Privilege Vulnerability:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357
