Jun 25 2024

Interns Corner – Microsoft SharePoint vulnerability gives attackers access to inject malware and steal file information

Last month, two vulnerabilities were reported within Microsoft Sharepoint giving attackers file information access and remote code execution (RCE).

The first vulnerability, tracked as CVE 2024-30043, results in the disclosure of file content within SharePoint. This is due to improper restriction of XML external entity reference, occurring when an application parses XML, or extensible markup language, from an untrusted source without restricting outside resource accessibility. The scope of information an attacker can gain access to depends on the privileges the compromised user has enabled.

The second vulnerability, tracked as CVE 2024-30044,  is rooted from deserialization of untrusted data, outside data being constructed back into an object in the system’s memory. An authenticated attacker with specific site permissions can upload a file as well as make API requests to trigger the deserialization of file parameters within SharePoint. This gives the attacker RCE within the SharePoint server, leading to the entire server, application, or network being compromised.

Microsoft has recently released a security update patching these vulnerabilities. To mitigate the chances of an attack on your SharePoint server, it is recommended to install update KB5002599 and keep your SharePoint server up to date.