A previously patched vulnerability in Microsoft SharePoint is now at the center of a large-scale cyber campaign targeting government entities worldwide. Security researchers have confirmed attacks against over 90 state and local government organizations across North America, Europe, and Asia-Pacific regions.
The vulnerability, tracked as CVE-2023-29357, was originally patched by Microsoft in June 2023 as part of its monthly security updates. This privilege escalation flaw, with a CVSS score of 9.8 (Critical), allows attackers to gain administrator privileges on affected SharePoint servers without requiring authentication.
Technical Analysis:
The exploit chain involves:
- Spoofing JWT authentication tokens
- Bypassing SharePoint's security validation
- Executing remote code with SYSTEM privileges
Government systems appear particularly vulnerable due to:
- Extended patch cycles (often 90+ days for validation)
- Heavy reliance on SharePoint for sensitive document management
- Complex hybrid environments (cloud/on-premises)
Mitigation Recommendations:
- Immediate application of June 2023 SharePoint security updates
- Network segmentation for SharePoint servers
- Multi-factor authentication enforcement
- Continuous monitoring for unusual admin account activity
The attacks show a pattern of credential harvesting followed by data exfiltration, suggesting possible nation-state involvement. Microsoft has reiterated its guidance to apply all security updates promptly, especially for internet-facing systems.