16.01.2024
Experts are sounding the alarm about a high-risk vulnerability in Microsoft's SharePoint software. This threat, known as CVE-2023-29357, allows cybercriminals to compromise systems through the use of spoofed JWT authentication tokens. Exploitation of this vulnerability can not only lead to unauthorized code execution, but also allows potentially unauthorized individuals to gain administrative privileges.
This explosive vulnerability, which poses a serious threat to unpatched Windows servers, allows attackers to infiltrate systems and compromise critical data. The risk is compounded when this vulnerability is combined with other vulnerabilities in SharePoint.
Increased risk due to long-known security vulnerability in SharePoint
The explosive nature of this vulnerability first became apparent when it was demonstrated at a competition in Vancouver in March 2023. The subsequent technical analysis revealed the complexity and potential extent of the vulnerability.
The urgency of the situation is underlined by the CISA (Cybersecurity and Infrastructure Security Agency), which included this vulnerability in its list of critical vulnerabilities and recommended a quick fix by the end of January. This recommendation is a clear signal to companies worldwide, as despite the age of the vulnerability, many systems are still unpatched and therefore remain susceptible to attacks.
Do you have questions about the security vulnerability and need further information or short-term support? Don't hesitate, contact our experts directly now and let us check how threatened your company is.
TSO-DATA
Marvin Hitzfeld
+49 (541) 1395-94