The Cybersecurity and Infrastructure Security (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that US federal civilian agencies implement the patch for it by April 16. As per usual, details about the attack in which the flaw is leveraged have not been shared. About CVE-2023-24955 and CVE-2023-29357 CVE-2023-24955 and CVE-2023-29357, a Microsoft … More
The post Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) appeared first on Help Net Security.
