Open Nav
Sign Up

Urgent Security Advisory: Active Exploitation of Microsoft SharePoint Vulnerability

Bar Refael

January 14, 2024

Active Exploitation of Microsoft SharePoint Vulnerability

In alignment with OP Innovate’s commitment to robust cybersecurity, we are urgently notifying our clients about a critical security vulnerability in Microsoft SharePoint Server. This advisory incorporates recent alerts from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to provide comprehensive guidance.

Vulnerability Overview:

  • CVE Identifier: CVE-2023-29357
  • Severity: High (CVSS score: 9.8)
  • Vulnerability Type: Privilege Escalation Flaw in Microsoft SharePoint Server
  • Status: Actively Exploited

Impact and Exploitation:

This vulnerability allows attackers to gain administrator-level access through a privilege escalation flaw. It is exploited via spoofed JWT authentication tokens, bypassing standard authentication procedures and gaining unauthorized access.

CISA Alert and BOD 22-01 Directive:

  • CISA added CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog on January 10, 2024, due to active exploitation.
  • The Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch agencies to remediate such vulnerabilities urgently.
  • Although BOD 22-01 specifically targets federal agencies, CISA strongly recommends all organizations prioritize the remediation of these vulnerabilities.

Patch and Response:

Microsoft released patches in June 2023. We strongly urge all clients using Microsoft SharePoint Server to apply these updates immediately.

OP Innovate’s Advisory:

  • Immediate Action: Apply the Microsoft patches for CVE-2023-29357 without delay.
  • Review Security Posture: We advise reviewing your organization’s overall security posture to ensure resilience against such vulnerabilities.
  • Stay Informed: OP Innovate is committed to providing ongoing updates and support regarding this and other cybersecurity threats.

Conclusion:

The security of our clients’ digital assets is paramount. This advisory underlines the importance of swift and decisive action to mitigate the risks posed by CVE-2023-29357. We are committed to assisting our clients in navigating these challenges to maintain system integrity.

Stay Safe and Secure,

OP Innovate Cybersecurity Team.

Resources highlights

Critical Check Point VPN Zero-Day Exploited in Attacks Linked to Qilin Ransomware (CVE-2026-50751)

Check Point has released emergency security updates for a critical authentication bypass vulnerability affecting specific Remote Access VPN and Mobile Access deployments. Tracked as CVE-2026-50751,…

Read more >

cve-2026-50751

Critical Windows Netlogon RCE Now Exploited in the Wild: CVE-2026-41089

A critical Windows Netlogon remote code execution vulnerability, tracked as CVE-2026-41089, is now reportedly being exploited in the wild. The vulnerability affects Windows Server systems…

Read more >

CVE-2026-41089

Palo Alto PAN-OS GlobalProtect Authentication Bypass: CVE-2026-0257

A high-risk authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect, tracked as CVE-2026-0257, is now being actively exploited in the wild.Although Palo Alto Networks…

Read more >

cve-2026-0257

Microsoft Defender Vulnerabilities Added to CISA KEV (CVE-2026-41091, CVE-2026-45498)

CISA has added two Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilities catalog following evidence of active exploitation. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498,…

Read more >

cve-2026-41091, cve-2026-45498

CVE-2026-42945: Actively Exploited NGINX Rewrite Module Vulnerability Enables Worker Crashes and Possible RCE

CVE-2026-42945 is a heap-based buffer overflow vulnerability affecting NGINX Plus and NGINX Open Source. The flaw exists in the ngx_http_rewrite_module and can be triggered through…

Read more >

CVE-2026-42945

CVE Overload is Here: Why Regular Penetration Testing Matters More Than Ever

On 15 April 2026, NIST made a change that every security leader should pay attention to. The National Vulnerability Database is no longer trying to…

Read more >

CVE overload
Under Cyber Attack?

Fill out the form and we will contact you immediately.