Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-33134

8.8HIGH

Key Information:

Vendor

Microsoft
Status
Microsoft Sharepoint Enterprise Server 2016
Microsoft Sharepoint Server 2019
Microsoft Sharepoint Server Subscription Edition
Vendor
CVE Published:
11 July 2023

What is CVE-2023-33134?

A remote code execution vulnerability exists in Microsoft SharePoint Server that could allow an attacker to execute arbitrary code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. To exploit the vulnerability, an attacker would need to convince the user to open a specially crafted file. Users with fewer user rights might be less impacted than users who operate with administrative user rights. It is crucial for organizations using affected SharePoint Server versions to apply the latest security updates to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Microsoft SharePoint Enterprise Server 2016 x64-based Systems 16.0.0 < 16.0.5404.1000

Microsoft SharePoint Server 2019 x64-based Systems 16.0.0 < 16.0.10400.20008

Microsoft SharePoint Server Subscription Edition x64-based Systems 16.0.0 < 16.0.16130.20642

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.