Recently, security experts uncovered a disturbing development: ransomware criminals have gained access to a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability. The revelation was significant enough that the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to the US's must-patch list.
Tracked as CVE-2023-29357, this SharePoint vulnerability was initially identified by Nguyễn Tiến Giang of STAR Labs during Vancouver's Pwn2Own contest in March 2023. Classified as a critical elevation of privileges (EoP) vulnerability with a severity score of 9.8, it enables potential remote code execution (RCE). Despite Microsoft addressing it in June 2023's Patch Tuesday, the situation took a darker turn.
Kevin Beaumont, a researcher, revealed that at least one ransomware group possesses a working exploit for CVE-2023-29357. Although CISA stated that the use of this exploit in ransomware campaigns is currently "unknown," the urgency to address it cannot be overstated. When vulnerabilities make it to CISA's known exploited vulnerabilities (KEV) list, federal agencies have a three-week window to patch them, as they are actively exploited by cybercriminals.
The journey of this vulnerability from discovery to exploitation is both intriguing and concerning. Jang's successful chaining of CVE-2023-29357 with another bug at Pwn2Own led to Microsoft's initial fix in June. The proof of concept (PoC) code for CVE-2023-29357 landed on GitHub in September, creating a foundation for potential exploitation.
Despite the warnings issued in September about the PoC code providing a launching pad for cybercriminals, the ransomware attacks did not materialize as expected. The delay may be attributed to the complexity involved in chaining CVE-2023-29357 with CVE-2023-24955. Jang and his team spent nearly a year of meticulous effort and research to achieve this feat, emphasizing the sophistication of the exploit.
IT administrators urgently need to patch both CVE-2023-29357 and CVE-2023-24955. Applying the June 2023 Patch Tuesday updates alone won't suffice, as manual, SharePoint-specific patches are required. Installing them manually ensures that the fixes are correctly applied, since Windows Update won't install these patches automatically.
The severity of CVE-2023-29357 lies in its potential to grant administrator privileges, posing a severe threat to organizations. Meanwhile, CVE-2023-24955, although requiring privileges for remote exploitation, carries its own risks. NHS Digital reports no known proof of concept code for the RCE vulnerability circulating online, indicating a secretive development by those exploiting it.
In conclusion, the revelation of ransomware gangs exploiting the CVE-2023-29357 vulnerability serves as a stark reminder of the evolving nature of cyber threats. Organizations must remain vigilant, understanding that the delay in exploitation does not diminish the severity of the risk. Swift action, thorough patching, and ongoing cybersecurity measures are paramount to safeguarding against emerging threats in the digital realm.