CISA Warns of Critical Microsoft SharePoint Vulnerability Amid Active Exploitation

October 24, 2024Source: The Hacker News

Found this useful? Share it with your network

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has classified a high-severity vulnerability in Microsoft SharePoint, identified as CVE-2024-38094, as part of its Known Exploited Vulnerabilities catalog following indications of active exploitation. This deserialization vulnerability, which carries a CVSS score of 7.2, permits authenticated attackers with Site Owner permissions to inject arbitrary code into SharePoint Server. Microsoft has addressed this issue in its July 2024 Patch Tuesday updates. The concern is amplified by the existence of proof-of-concept exploits in the public domain, despite no confirmed real-world incidents. CISA requires Federal Civilian Executive Branch agencies to implement the security updates by November 12, 2024.

Read Full Article

Opens on The Hacker News

More News

AMA Asking For Stronger Safeguards on AI Mental Health Chatbots

April 29, 2026MobiHealthNews

Andrea Daugherty Appointed Chief Information and Digital Transformation Officer at ARMC

April 24, 2026arrowheadregional.org

Craig Richardville Appointed Chief Digital and Information Officer at UF Health

April 13, 2026ufhealth.org

Former AMA Exec Margaret Lozovatsky Named CDIO At Premier Health

April 10, 2026premierhealth.com

Signature Healthcare Diverts Ambulances Following Cybersecurity Incident

April 8, 2026SecurityWeek

More Than 100 Hospitals Suing HHS Over Alleged Underpayment

April 6, 2026MedCity News