<- Back to Insights
October 24, 2024
CISA Warns of Critical Microsoft SharePoint Vulnerability Amid Active Exploitation
The Hacker News
|
Contributed by: Drex DeFord
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has classified a high-severity vulnerability in Microsoft SharePoint, identified as CVE-2024-38094, as part of its Known Exploited Vulnerabilities catalog following indications of active exploitation. This deserialization vulnerability, which carries a CVSS score of 7.2, permits authenticated attackers with Site Owner permissions to inject arbitrary code into SharePoint Server. Microsoft has addressed this issue in its July 2024 Patch Tuesday updates. The concern is amplified by the existence of proof-of-concept exploits in the public domain, despite no confirmed real-world incidents. CISA requires Federal Civilian Executive Branch agencies to implement the security updates by November 12, 2024.

Explore Related Topics