
CISA Adds Two Actively Exploited Microsoft SharePoint Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws, CVE-2023-24955 (a spoofing vulnerability) and CVE-2023-29357 (an elevation of privilege vulnerability), are being actively exploited in the wild. Microsoft has acknowledged both vulnerabilities and released patches, and Federal civilian executive branch (FCEB) agencies are urged to apply them immediately to mitigate the risk.

Inclusion in the KEV catalog underscores the severity of these vulnerabilities and the immediate threat they pose. Cybersecurity professionals managing SharePoint environments should prioritize patching them, and organizations should also monitor for signs of exploitation, including indicators of compromise (IOCs) associated with these vulnerabilities.

The active exploitation of these zero-day vulnerabilities highlights the importance of robust vulnerability management processes and the ability to apply patches quickly. Because SharePoint is so widely deployed, these vulnerabilities could affect a large number of organizations, emphasizing the need for prompt action.