CISA: Attacks exploiting Microsoft SharePoint flaw underway

Ongoing intrusions leveraging an already patched critical privilege escalation flaw impacting Microsoft SharePoint, tracked as CVE-2023-29357, have been flagged by the Cybersecurity and Infrastructure Security Agency, which has added the issue to its Known Exploited Vulnerabilities catalog, The Hacker News reports. Federal agencies have been urged to remediate the flaw by Jan. 31. Such a vulnerability, which was fixed by Microsoft as part of its Patch Tuesday updates last June, could be leveraged to secure administrator privileges. "An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user," said Microsoft, which noted that neither privileges nor user actions were needed to facilitate the compromise. Meanwhile, an exploit chain combining the flaw with a code injection vulnerability, tracked as CVE-2023-24955, that was also previously addressed by Microsoft had been developed by StarLabs SG security researcher Nguyen Tien Giang.