Microsoft SharePoint Flaw Now Actively Exploited, US Cyber Agency Warns

by Anika Shah - Technology
0 comments

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, tracked as CVE-2024-38094, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows unauthenticated attackers to execute arbitrary code on affected servers, prompting CISA to mandate that federal agencies patch their systems by October 22, 2024.

What is the risk of CVE-2024-38094?

The vulnerability, identified as CVE-2024-38094, carries a "Critical" severity rating with a CVSS score of 7.2. According to Microsoft’s official security update, the flaw exists in the way SharePoint processes user requests. An attacker with low-level permissions—specifically, a user with Site Owner privileges or higher—can exploit this vulnerability by sending a specially crafted request to a vulnerable SharePoint server.

What is the risk of CVE-2024-38094?

Successful exploitation enables the attacker to execute code remotely within the context of the SharePoint application. Because the flaw can be triggered without high-level administrative access, it presents a significant risk to enterprise environments where SharePoint is used for document management and internal collaboration.

Why CISA issued an emergency directive

CISA maintains the KEV catalog as a list of vulnerabilities that have documented evidence of active exploitation in the wild. By adding CVE-2024-38094 to this list, the agency is signaling that threat actors are actively scanning for and attempting to compromise unpatched SharePoint instances.

Under the Binding Operational Directive (BOD) 22-01, federal civilian executive branch (FCEB) agencies are required to remediate vulnerabilities on the KEV list within a specific timeframe. For this specific SharePoint flaw, the deadline is October 22, 2024. While these directives technically apply only to federal agencies, CISA strongly urges all private sector organizations to prioritize the update to prevent potential data breaches or ransomware deployment.

How to secure your SharePoint environment

Microsoft released the fix for this vulnerability as part of its July 2024 Patch Tuesday updates. Organizations should verify their current version of SharePoint and apply the necessary security patches immediately.

Critical Microsoft SharePoint flaw now exploited in attacks

Administrators can take the following steps to mitigate the risk:

  • Audit Permissions: Since the vulnerability requires specific site-level permissions, auditing and restricting user access to "Site Owner" roles can reduce the attack surface.
  • Apply Updates: Download the security updates directly from the official Microsoft Security Update Guide.
  • Monitor Network Traffic: Security teams should monitor logs for unusual web requests directed toward SharePoint endpoints, particularly those originating from internal accounts with elevated privileges.

Key takeaways on SharePoint security

  • Vulnerability Type: Remote Code Execution (RCE).
  • Severity: Critical (CVSS 7.2).
  • Exploitation Requirement: Attacker must have at least "Site Owner" level permissions.
  • Mandatory Deadline: Federal agencies must patch by October 22, 2024.
  • Remediation: Apply the July 2024 security updates provided by Microsoft.

Frequently Asked Questions

Does this vulnerability allow unauthenticated access?
No. While it is classified as a remote code execution flaw, Microsoft notes that an attacker must have authenticated access to the SharePoint site with at least Site Owner privileges to trigger the exploit.

Key takeaways on SharePoint security

Is this vulnerability currently being exploited?
Yes. CISA confirmed the vulnerability is actively being exploited, which is the primary reason it was added to the Known Exploited Vulnerabilities catalog.

Are all versions of SharePoint affected?
The vulnerability affects several iterations of SharePoint Server. Administrators should consult the Microsoft security bulletin to confirm if their specific build, such as SharePoint Enterprise Server 2016 or 2019, requires the patch.

Related Posts

Leave a Comment