Hackers Actively Attacking Microsoft SharePoint Vulnerability

by | Apr 1, 2024 | Cybersecurity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently released a warning concerning a Microsoft SharePoint vulnerability that hackers are actively attacking. Read on to learn more about the vulnerability and what you can do to keep your systems protected.

What is the Microsoft SharePoint Vulnerability?

The Microsoft SharePoint vulnerability has been identified as CVE-2023-24955. The Common Vulnerability Scoring System (CVSS) rates the vulnerability as 7.2 on a scale of 1-10. The flaw occurs in the system’s remote code execution allowing anyone with Site Owner privileges to enter code that could compromise the system.

The flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to ongoing, active hacker attacks.

Microsoft has acknowledged the flaw and addressed it in its Patch Tuesday updates in May of 2023. “In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint server,” a company advisory stated.

The vulnerability was identified after CISA added another Microsoft SharePoint vulnerability, CVE-2023-29357 to its KEV catalog. Last year, an exploit chain that combined CVE-2023-29357 and CVE-2023-24955 was demonstrated at the Pwn20wn Vancouver hacking contest by Star Labs SV and won the presenters a $100,000 prize.

There is no additional information on the attacks that exploit the system’s vulnerabilities or what agencies or individuals may be behind them.

What is Being Done?

Customers with Microsoft SharePoint may protect themselves against possible attacks by enabling automatic updates. Click the “Receive updates for other Microsoft products” on your Window Update setting to keep your company protected. The updates offer protection against related threats.

Following CISA mandates, fixes will be applied by April 16, 2024, to remove vulnerabilities and enhance system security.

Best Practices to Improve SharePoint Security

Manage User Permissions Through Groups

Admins should avoid assigning permissions directly to users. Rather they should assign permissions to groups and grant each user individual membership. This approach simplifies provisioning measures and ensures permission aligns with the least-privilege principle.

Avoid Item-Level Permissions

Permissions should be assigned to libraries, folders, and other high-level containers rather than specific files which may be overlooked in permission reviews or lead to broken inheritance and put the system at risk. Item-level permissions can also slow down the system and reduce usability. Microsoft’s Information Rights Management (IRM) minimizes the need for item-level permissions.

Isolate Sites that Allow External Sharing into a Separate Site Collection

Admins should separate sites that allow external sharing by placing them in one site collection. This approach will provide better control over what can be shared externally. It will also track external sharing so you can monitor what items have been shared and which parties gained access.

Control Anonymous Sharing

Anonymous links, or ‘anyone links’, allow anyone who has the link to view and edit content without authentication. Disable anonymous sharing if possible.

If you must allow anonymous sharing, you can reduce your risk by changing the default link setting from ‘anyone’ to a link that provides access only to users in your organization. This strategy means users must specifically select the anyone option when sharing content with unauthenticated parties.

You can also use the link to control the type of access the link approves. You can set an expiration date to limit your access controls. These settings can be found in the SharePoint Admin center in the Policies section under ‘Sharing’.

Classify Your SharePoint Data

Data Loss Prevention (DLP) is integrated into all Microsoft services. It allows you to identify sensitive data and control access. SharePoint specifically enables you to inspect all aspects of your data and apply customized security policies to protect it.

Monitor SharePoint for Updates

SharePoint’s evolving technology means you must constantly audit the system to identify changes in hardware, services, and security settings. Doing so will help you spot vulnerabilities before they reach threat level. A third-party SharePoint monitoring tool will help you detect changes that can make your system vulnerable.

Review Access Rights

Ensure you are sharing sensitive data with authorized parties by manually checking your permission levels. However, a manual process will not tell you which IT resources a group can access. To find this information, you must check each library list and file- a time-consuming process that is prone to errors.

PowerShell scripts will help you automate the process.

Want to learn more about how to keep your systems safe? Sign up for our IT Executives Council Newsletter today

Additional Cybersecurity Resources

Creating a Culture of Cybersecurity Awareness

Unveiling the MGM Cybersecurity Incident: Lessons Learned and Strategies for the Future

Addressing the Cybersecurity Talent Gap: Strategies for Building Strong IT Teams


Submit a Comment

Your email address will not be published. Required fields are marked *

IT executives are invited to register to participate in this exclusive community and receive the latest news and important resources directly to your inbox: