Urgent Security Advisory: Active Exploitation of Microsoft SharePoint Vulnerability

Bar Refael

January 14, 2024

Active Exploitation of Microsoft SharePoint Vulnerability

In alignment with OP Innovate’s commitment to robust cybersecurity, we are urgently notifying our clients about a critical security vulnerability in Microsoft SharePoint Server. This advisory incorporates recent alerts from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to provide comprehensive guidance.

Vulnerability Overview:

  • CVE Identifier: CVE-2023-29357
  • Severity: High (CVSS score: 9.8)
  • Vulnerability Type: Privilege Escalation Flaw in Microsoft SharePoint Server
  • Status: Actively Exploited

Impact and Exploitation:

This vulnerability allows attackers to gain administrator-level access through a privilege escalation flaw. It is exploited via spoofed JWT authentication tokens, bypassing standard authentication procedures and gaining unauthorized access.

CISA Alert and BOD 22-01 Directive:

  • CISA added CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog on January 10, 2024, due to active exploitation.
  • The Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch agencies to remediate such vulnerabilities urgently.
  • Although BOD 22-01 specifically targets federal agencies, CISA strongly recommends all organizations prioritize the remediation of these vulnerabilities.

Patch and Response:

Microsoft released patches in June 2023. We strongly urge all clients using Microsoft SharePoint Server to apply these updates immediately.

OP Innovate’s Advisory:

  • Immediate Action: Apply the Microsoft patches for CVE-2023-29357 without delay.
  • Review Security Posture: We advise reviewing your organization’s overall security posture to ensure resilience against such vulnerabilities.
  • Stay Informed: OP Innovate is committed to providing ongoing updates and support regarding this and other cybersecurity threats.

Conclusion:

The security of our clients’ digital assets is paramount. This advisory underlines the importance of swift and decisive action to mitigate the risks posed by CVE-2023-29357. We are committed to assisting our clients in navigating these challenges to maintain system integrity.

Stay Safe and Secure,

OP Innovate Cybersecurity Team.

Resources highlights

CVE-2025-20286: Cloud Credential Reuse Exposes Cisco ISE to Remote Exploitation

Cisco Identity Services Engine Cloud Static Credential Vulnerability Date: June 6, 2025Severity: Critical (CVSS 9.9)Threat Level: HIGHExploitation Status: Proof-of-Concept (PoC) exploit publicly available Executive Summary…

Read more >

CVE-2025-20286

CVE-2025-5419: Google Patches Actively Exploited Chrome Zero-Day

Google has released an emergency security update to address a high-severity zero-day vulnerability in Chrome (CVE-2025-5419), which is already being actively exploited in the wild.…

Read more >

CVE-2025-5419

Critical Cisco IOS XE Flaw (CVE-2025-20188): Exploit Details Now Public

A critical vulnerability in Cisco IOS XE Wireless LAN Controllers (WLCs), tracked as CVE-2025-20188, is now drawing heightened concern after full technical exploit details were…

Read more >

CVE-2025-20188

Eye of the Storm: Dissecting the Playbook of Cyber Toufan

How an Iranian-Linked Group Turned Simple Security Weaknesses into Mass Breaches By Matan Matalon, Filip Dimitrov The digital frontlines of the Israel-Gaza conflict have rapidly…

Read more >

cyber toufan

CISA Adds Zimbra Collaboration Vulnerability (CVE-2024-27443) to Known Exploited Catalog

CVE-2024-27443 is an actively exploited XSS vulnerability in the Zimbra Collaboration Suite (ZCS), affecting versions 9.0 and 10.0. The flaw resides in the CalendarInvite feature…

Read more >

CVE-2024-27443

CISA: Recently Patched Chrome Bug is Being Actively Exploited (CVE-2025-4664)

CVE-2025-4664 is a high-severity vulnerability in the Loader component of Google Chrome, caused by insufficient policy enforcement. Successful exploitation allows a remote attacker to leak…

Read more >

CVE-2025-4664