As you may be aware, CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based upon recent evidence of active exploitation.

The Microsoft SharePoint Server Code Injection Vulnerability CVE-2023-24955, although published in September of 2023, is being actively exploited in the wild.

Known Affected Software Configurations include:

  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SharePoint Server 2019

CVE-2023-24955
In a network-based attack, an authenticated attacker with Site Owner permissions could execute code remotely on the SharePoint Server.

How to fix this vulnerability – summary

Download and apply the relevant Security Update directly from Microsoft.

For manual downloading:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

For customers with Attack Surface Management (ASM) and/or Continuous Vulnerability Assessment (CVA) products, we will be in touch with a curated dataset shortly.

Sources

https://nvd.nist.gov/vuln/detail/CVE-2023-24955#match-9154127