Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Critical Vulnerability in Microsoft SharePoint Server
Alerts

Active Exploitation of Critical Vulnerability in Microsoft SharePoint Server

15 January 2024

Microsoft had previously released updates addressing a critical vulnerability (CVE-2023-29357) in Microsoft SharePoint Server. The vulnerability is reportedly being actively exploited and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain administrative privileges over the compromised server.

The vulnerability affects Microsoft SharePoint Server 2019.

CVE-2023-29357 may also be chained with another vulnerability (CVE-2023-24955) to achieve remote code execution capabilities for the attacker. The proof-of-concept exploit chaining these two vulnerabilities are publicly available.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955

https://www.bleepingcomputer.com/news/security/cisa-critical-microsoft-sharepoint-bug-now-actively-exploited/?fbclid=IwAR3AQBKhF9jGuxAdr3aGf7K8FH3W0fVCupnOC0s3ZGXBwMEs6mw2mkpH5mU_aem_AcZyq88-dmaDeMD9etpu7B-hZmKeyKSVxz07muHhquWoTd1y8T0_uxDmPzY7MFc-NKg

Back to top