CISA: Microsoft SharePoint RCE flaw now actively exploited

Summary

CISA has issued a warning that a high-severity Remote Code Execution (RCE) vulnerability in Microsoft SharePoint, which was initially patched in May, is now being actively exploited by attackers. The vulnerability allows for arbitrary code execution. Organizations are urged to apply patches immediately.

IFF Assessment

FOE

The active exploitation of a high-severity RCE vulnerability in a widely used platform like Microsoft SharePoint poses an immediate and significant threat to defenders.

Severity

9.8 Critical (AI Estimated)

A CVSS score of 9.8 is assigned because this is a Remote Code Execution (RCE) vulnerability in a critical enterprise platform (Microsoft SharePoint) that is now actively exploited. That combination indicates high impact and high exploitability, and successful exploitation potentially requires no authentication or user interaction.

Defender Context

Defenders must prioritize patching all Microsoft SharePoint instances immediately, even if they applied the May patch, because active exploitation puts unpatched systems at severe risk. It is also crucial to scan all SharePoint servers for signs of compromise and to enhance monitoring for suspicious activity. This incident underscores the importance of prompt patching and robust vulnerability management programs.
