MCP Insights by Mission Critical Partners

Cybersecurity Threat Advisory: Microsoft SharePoint Deserialization Vulnerability

Written by Glenn Bischoff | October 25, 2024

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week, a new critical alert demands the immediate attention and action of the mission-critical community, underlining the crucial role that public-safety leaders play in maintaining the security of their operations.

Advisory Overview

On October 22, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which carries a CVSS[1] score of 7.2 (on a 10-point scale), was disclosed by Microsoft on July 9, 2024, and a patch was released in that month's Patch Tuesday update; the addition to the KEV catalog came more than three months after the fix was available.

The vulnerability affects on-premises versions of Microsoft SharePoint: Microsoft SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. It is classified as deserialization of untrusted data: attacker-controlled input reaching the SharePoint Server search component is deserialized without adequate validation, which can result in remote code execution on the server. CISA has issued a directive requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary security updates by November 12, 2024, to protect their networks from exploitation.

What Is the Risk?

This vulnerability poses a significant risk to organizations running affected versions of SharePoint. An authenticated cyberattacker with Site Owner permissions can exploit the flaw to inject and execute arbitrary code in the context of the SharePoint Server process. The Site Owner prerequisite is a weaker barrier than it sounds: in most farms that role is delegated to many ordinary users, and any one of their accounts, compromised through phishing or credential reuse, is enough. Successful exploitation could enable a cyberattacker to steal sensitive data, deploy malware, or escalate privileges and move laterally within the network. While specific exploitation details have not been disclosed publicly, CISA adds a vulnerability to the KEV catalog only on reliable evidence of active exploitation in the wild.

Why Is it Noteworthy?

Even though details of the in-the-wild activity are limited, proof-of-concept (PoC) exploit code is publicly available, so even low-skilled cyberattackers can attempt this attack against any unpatched server where they hold, or have stolen, a Site Owner account. Given its inclusion in CISA's KEV catalog, organizations must act swiftly and apply the relevant updates to secure their systems.

What Are the Recommendations?

MCP recommends that organizations immediately apply the July 2024 (or a later cumulative) security update for their SharePoint version, as published in Microsoft's Security Update Guide entry for CVE-2024-38094. Both CISA and Microsoft strongly advise applying these updates as a critical step in protecting against exploitation. Note that a SharePoint security update is not fully applied until the SharePoint Products Configuration Wizard (PSConfig) has been run on every server in the farm; check the farm build version afterward rather than relying on the installer alone. While patching is in progress, review who holds Site Owner permissions and remove any that are not needed, since that level of access is the prerequisite for this attack.
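The following script is an added example, not part of MCP's advisory or of Microsoft's guidance. It performs the two checks above from the SharePoint Management Shell on a farm server: it compares the farm build version against the build of the update you installed (the $ExpectedBuild value is an assumed placeholder; take the real number from the Microsoft KB article for the update), and it lists every principal with Site Owner-level rights across all site collections, since that is the access the vulnerability requires.

```powershell
<#
  Added example (not from MCP or Microsoft). Run in the SharePoint Management
  Shell on a farm server as a farm administrator.
  1. Reports whether the farm build meets the patched build you expect.
  2. Lists principals with Site Owner-level rights: Owners group members,
     direct Full Control assignments, and site collection administrators.
#>
param(
    # Assumption: replace with the patched build number from Microsoft's KB
    # for the SharePoint security update you installed.
    [string] $ExpectedBuild = '16.0.0.0'
)

if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.SharePoint.PowerShell
}

# 1. Patch status. The farm build only advances once PSConfig has completed
#    on every server, so this catches a half-applied update.
$farmBuild = (Get-SPFarm).BuildVersion
if ($farmBuild -lt [Version]$ExpectedBuild) {
    Write-Warning ("Farm build {0} is below expected build {1}: install the update and run PSConfig." -f $farmBuild, $ExpectedBuild)
} else {
    Write-Host ("Farm build {0} meets or exceeds expected build {1}." -f $farmBuild, $ExpectedBuild)
}

# 2. Attack surface: who could satisfy the Site Owner prerequisite?
#    SPRoleType.Administrator is the role type behind the 'Full Control' level.
$fullControl = [Microsoft.SharePoint.SPRoleType]::Administrator

$owners = foreach ($site in Get-SPSite -Limit All) {
    try {
        foreach ($web in $site.AllWebs) {
            try {
                # Site collection administrators are tracked on the root web.
                if ($web.IsRootWeb) {
                    foreach ($u in $web.SiteAdministrators) {
                        [pscustomobject]@{ Web = $web.Url; Principal = $u.LoginName; Source = 'Site collection administrator' }
                    }
                }
                # Members of the web's Owners group.
                $ownerGroup = $web.AssociatedOwnerGroup
                if ($ownerGroup) {
                    foreach ($u in $ownerGroup.Users) {
                        [pscustomobject]@{ Web = $web.Url; Principal = $u.LoginName; Source = "Group: $($ownerGroup.Name)" }
                    }
                }
                # Users or groups granted Full Control directly on the web.
                foreach ($ra in $web.RoleAssignments) {
                    $hasFullControl = $ra.RoleDefinitionBindings | Where-Object { $_.Type -eq $fullControl }
                    if ($hasFullControl) {
                        [pscustomobject]@{ Web = $web.Url; Principal = $ra.Member.Name; Source = 'Direct: Full Control' }
                    }
                }
            } finally {
                $web.Dispose()
            }
        }
    } finally {
        $site.Dispose()
    }
}

# Deduplicate and report. Anything broader than expected (for example a large
# Active Directory group or 'Everyone') is a candidate for removal until patched.
$owners | Sort-Object Web, Principal, Source -Unique | Format-Table -AutoSize
```

The second check deliberately reports Active Directory groups as single principals; expand any group that appears against your directory, since every member of it can meet the Site Owner requirement.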

How MCP Can Help

MCP offers a comprehensive cybersecurity solutions suite designed specifically for public-safety and justice entities and other critical-infrastructure organizations to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact JasonFranks@MissionCriticalPartners.com today to learn more.

[1] Common Vulnerability Scoring System.