Open Nav
Sign Up

Urgent Security Advisory: Active Exploitation of Microsoft SharePoint Vulnerability

Bar Refael

January 14, 2024

Active Exploitation of Microsoft SharePoint Vulnerability

In alignment with OP Innovate’s commitment to robust cybersecurity, we are urgently notifying our clients about a critical security vulnerability in Microsoft SharePoint Server. This advisory incorporates recent alerts from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to provide comprehensive guidance.

Vulnerability Overview:

  • CVE Identifier: CVE-2023-29357
  • Severity: High (CVSS score: 9.8)
  • Vulnerability Type: Privilege Escalation Flaw in Microsoft SharePoint Server
  • Status: Actively Exploited

Impact and Exploitation:

This vulnerability allows attackers to gain administrator-level access through a privilege escalation flaw. It is exploited via spoofed JWT authentication tokens, bypassing standard authentication procedures and gaining unauthorized access.

CISA Alert and BOD 22-01 Directive:

  • CISA added CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog on January 10, 2024, due to active exploitation.
  • The Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch agencies to remediate such vulnerabilities urgently.
  • Although BOD 22-01 specifically targets federal agencies, CISA strongly recommends all organizations prioritize the remediation of these vulnerabilities.

Patch and Response:

Microsoft released patches in June 2023. We strongly urge all clients using Microsoft SharePoint Server to apply these updates immediately.

OP Innovate’s Advisory:

  • Immediate Action: Apply the Microsoft patches for CVE-2023-29357 without delay.
  • Review Security Posture: We advise reviewing your organization’s overall security posture to ensure resilience against such vulnerabilities.
  • Stay Informed: OP Innovate is committed to providing ongoing updates and support regarding this and other cybersecurity threats.

Conclusion:

The security of our clients’ digital assets is paramount. This advisory underlines the importance of swift and decisive action to mitigate the risks posed by CVE-2023-29357. We are committed to assisting our clients in navigating these challenges to maintain system integrity.

Stay Safe and Secure,

OP Innovate Cybersecurity Team.

Resources highlights

CVE-2026-21509: Microsoft Office Zero-Day With Public PoC

CVE-2026-21509 is an actively exploited Microsoft Office security feature bypass vulnerability that allows attackers to deliver specially crafted Office documents that bypass built-in Office protections…

Read more >

cve-2026-21509

Critical Fortinet Vulnerabilities Under Active Exploitation

Multiple critical vulnerabilities affecting Fortinet products are being actively exploited in the wild, primarily targeting FortiOS SSL VPN services and internet-facing security appliances. Several of…

Read more >

fortinet vulnerabilities

CVE-2025-26399: Critical SolarWinds Web Help Desk RCE

A critical vulnerability tracked as CVE-2025-26399 affects SolarWinds Web Help Desk (WHD), a widely used IT service management platform for ticketing and asset management. The…

Read more >

CVE-2025-26399

Critical Cisco Secure FMC Vulnerabilities Allow Root Access (CVE-2026-20079 & CVE-2026-20131)

Cisco has released security updates addressing two maximum-severity vulnerabilities affecting Cisco Secure Firewall Management Center (FMC) and Cisco Security Cloud Control (SCC) firewall management platforms.…

Read more >

CVE-2026-20079 & CVE-2026-20131

Actively Exploited VMware Aria Operations RCE (CVE-2026-22719)

A high-severity vulnerability in VMware Aria Operations has been added to the Known Exploited Vulnerabilities Catalog, indicating evidence of exploitation in real-world attacks. The vulnerability,…

Read more >

CVE-2026-22719

CVE-2026-20127 & CVE-2022-20775: Active Exploitation of Cisco SD-WAN Systems

A coordinated global campaign targeting Cisco SD-WAN environments has been identified by CISA, NSA, and international partners. Threat actors are actively exploiting a chain of…

Read more >

CVE-2026-20127
Under Cyber Attack?

Fill out the form and we will contact you immediately.