One to look at urgently
Jersey Cyber Security Centre
Jersey Cyber Security Centre (JCSC) works to prepare, protect and defend the island against cyber threats.
There are certain parts of your infrastructure that you really don't want to see attacked, and one of them is Microsoft SharePoint. Having attackers masquerading as users or finding you can't access your data is the stuff of nightmares.
Enter CVE-2023-29357. At its root is an issue with the way that JSON Web Tokens (used to claim a particular set of accesses) are processed: it's possible to spoof a token that gives a malicious actor access first as a named user, then as a site administrator. This is bad enough, but a researcher has shown how to chain this to a second vulnerability which allows site administrators to inject code into SharePoint. This could be used either to deny service or to affect the integrity of data.
There is now a publicly available script on GitHub which will allow a user to exploit CVE-2023-29357. It's known to affect SharePoint 2019; at the moment it isn't clear whether other versions of SharePoint are also affected.
Patches are available from Microsoft, who also report that users who have Defender enabled across their SharePoint farms and have Antimalware Scan Interface (AMSI) integration enabled are protected from the effects of the vulnerability.
It's going to be a busy Friday if you're lucky - or a busy weekend if not.
#vulnerability #sharepoint #rce