Researchers Release Details of New RCE Exploit Chain for SharePoint


Researchers who identified two serious flaws in Microsoft SharePoint Server have disclosed the specifics of an attack they created that combines the flaws to allow remote code execution on vulnerable servers. Another security researcher published proof-of-concept code for one of the SharePoint vulnerabilities this week on GitHub, demonstrating how an attacker could use the bug to get administrative rights on susceptible computers.

An elevation of privilege weakness in SharePoint Server 2019 is one of the vulnerabilities, identified as CVE-2023-29357, for which Microsoft released a fix in its monthly security update for June. A faked JSON Web Token (JWT) can be used by an unauthenticated attacker to get around authentication restrictions and take control of a vulnerable SharePoint server.

Read More…