Open Nav
Sign Up

Urgent Security Advisory: Active Exploitation of Microsoft SharePoint Vulnerability

Bar Refael

January 14, 2024

Active Exploitation of Microsoft SharePoint Vulnerability

In alignment with OP Innovate’s commitment to robust cybersecurity, we are urgently notifying our clients about a critical security vulnerability in Microsoft SharePoint Server. This advisory incorporates recent alerts from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to provide comprehensive guidance.

Vulnerability Overview:

  • CVE Identifier: CVE-2023-29357
  • Severity: High (CVSS score: 9.8)
  • Vulnerability Type: Privilege Escalation Flaw in Microsoft SharePoint Server
  • Status: Actively Exploited

Impact and Exploitation:

This vulnerability allows attackers to gain administrator-level access through a privilege escalation flaw. It is exploited via spoofed JWT authentication tokens, bypassing standard authentication procedures and gaining unauthorized access.

CISA Alert and BOD 22-01 Directive:

  • CISA added CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog on January 10, 2024, due to active exploitation.
  • The Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch agencies to remediate such vulnerabilities urgently.
  • Although BOD 22-01 specifically targets federal agencies, CISA strongly recommends all organizations prioritize the remediation of these vulnerabilities.

Patch and Response:

Microsoft released patches in June 2023. We strongly urge all clients using Microsoft SharePoint Server to apply these updates immediately.

OP Innovate’s Advisory:

  • Immediate Action: Apply the Microsoft patches for CVE-2023-29357 without delay.
  • Review Security Posture: We advise reviewing your organization’s overall security posture to ensure resilience against such vulnerabilities.
  • Stay Informed: OP Innovate is committed to providing ongoing updates and support regarding this and other cybersecurity threats.

Conclusion:

The security of our clients’ digital assets is paramount. This advisory underlines the importance of swift and decisive action to mitigate the risks posed by CVE-2023-29357. We are committed to assisting our clients in navigating these challenges to maintain system integrity.

Stay Safe and Secure,

OP Innovate Cybersecurity Team.

Resources highlights

Guidance to Address Ongoing Exploitation of Fortinet SSO Vulnerability (CVE-2026-24858)

CVE-2026-24858 is a critical authentication bypass in FortiCloud Single Sign-On (SSO) that can allow an attacker with a FortiCloud account and a registered device to…

Read more >

cve-2026-24858

CVE-2024-37079: VMware vCenter Server DCERPC Heap Overflow (RCE)

CVE-2024-37079 is a critical remote code execution (RCE) vulnerability in VMware vCenter Server caused by a heap overflow in the DCERPC protocol implementation. On January…

Read more >

cve-2024-37079

CVE-2026-24061: GNU Inetutils telnetd Remote Authentication Bypass

CVE-2026-24061 is a pre-authentication remote authentication bypass in GNU Inetutils telnetd. The flaw carries a Critical CVSS:3.1 severity score of 9.8 and allows an attacker…

Read more >

CVE-2026-24061

CVE-2026-0227: PAN-OS GlobalProtect Denial-of-Service Vulnerability

CVE-2026-0227 is a high-severity denial-of-service vulnerability affecting Palo Alto Networks PAN-OS and Prisma Access deployments where GlobalProtect Gateway or Portal is enabled. The flaw allows…

Read more >

cve-2026-0227

CVE-2026-20805: Windows Desktop Window Manager (DWM) Zero-Day

CVE-2026-20805 is a Windows Desktop Window Manager (DWM) information disclosure vulnerability that has been exploited in the wild as a zero-day.While the CVSS v3.1 base…

Read more >

cve-2026-20805

CVE-2025-12420 (“BodySnatcher”): Unauthenticated User Impersonation in ServiceNow AI Platform

CVE-2025-12420 is a critical (CVSS 9.3) vulnerability in the ServiceNow AI Platform that can allow a remote, unauthenticated attacker to impersonate another user and then…

Read more >

cve-2025-12420
Under Cyber Attack?

Fill out the form and we will contact you immediately.