Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-38094
Key Information
- Vendor
- Microsoft
- Status
- Microsoft Sharepoint Enterprise Server 2016
- Microsoft Sharepoint Server 2019
- Microsoft Sharepoint Server Subscription Edition
- Vendor
- CVE Published:
- 9 July 2024
Badges
Summary
This vulnerability (CVE-2024-38094) is a Microsoft SharePoint Remote Code Execution Vulnerability that is being actively exploited. The bug allows an attacker to inject code into vulnerable versions of SharePoint, potentially allowing them to execute arbitrary code in the context of the SharePoint server. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog and recommended prompt patching. Microsoft patched the vulnerability in July, and while it was not initially listed as exploited, exploitation was considered likely. With at least one proof-of-concept (POC) exploit available, the risk of malicious exploitation is high. All Federal Civilian Executive Branch agencies are mandated to apply the Microsoft fix, and organizations are strongly urged to prioritize timely remediation. Additionally, Microsoft addressed two other critical SharePoint Server flaws in its September Patch Tuesday event, further emphasizing the importance of patching to reduce exposure to potential cyberattacks.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38094 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Microsoft SharePoint Enterprise Server 2016 < 16.0.5456.1000
Microsoft SharePoint Server 2019 < 16.0.10412.20001
Microsoft SharePoint Server Subscription Edition < 16.0.17328.20424
News Articles
CSO OnlineCVE-2024-38094A new SharePoint vulnerability is already being exploited
Microsoft SharePoint makes it simpler for enterprises to help employees discover documents on their internal network — but a recently exploited vulnerability is making easier for attackers to get inside the corporate network too.
2 months ago
Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.
2 months ago
TheCyberThroneCVE-2024-38094Microsoft Sharepoint Server CVE-2024-38094 Exploited
Threat actors have exploited a vulnerability in Microsoft SharePoint Server, identified as CVE-2024-38094, allowing them to gain complete domain access and compromise critical systems. The Rapid7 incident response team has detailed how this sophisticated attack combines various techniques to achieve...
2 months ago
Refferences
CVSS V3.1
Timeline
First article discovered by SecurityWeek
- 👾
Exploit known to exist
CISA Reported
Vulnerability published