Microsoft SharePoint Vulnerability Added in CISA Known Exploits - 20241024002

Overview

The WA SOC has been made aware of a vulnerability in Microsoft SharePoint deserialisation that allows remote code execution. A threat actor with Site Owner access could use this vulnerability to inject and execute arbitrary code within SharePoint Server.

What is vulnerable?

Product(s)	Versions	CVE #	Severity	CVSS
Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 Microsoft SharePoint Server Subscription Edition	16.0.0 < 16.0.5456.1000 16.0.0 < 16.0.10412.20001 16.0.0 < 16.0.17328.20424	CVE-2024-38094	High	7.2

What has been observed?

There are currently no reports of these vulnerabilities being exploited in the wild at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer Patch Management):

• SharePoint Server 2024 https://support.microsoft.com/help/5002606
• SharePoint Server 2019 https://support.microsoft.com/help/5002615
• SharePoint Server 2016 https://support.microsoft.com/help/5002618

Additional References

• CISA: https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
• Thehackernews: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html