CVE-2023-29357 is a critical-severity (CVSS 9.8) elevation-of-privilege vulnerability in Microsoft SharePoint Server. Microsoft's advisory describes it as an authentication bypass: an unauthenticated remote attacker who presents a spoofed JWT authentication token to the server gains the privileges of an authenticated user, with no user interaction required. The bug was demonstrated at the Pwn2Own Vancouver 2023 competition, where it served as the entry point of a full remote-code-execution chain. Microsoft fixed it in the June 2023 Patch Tuesday release, which addressed 78 CVEs in total, among them the Windows Pragmatic General Multicast (PGM) remote-code-execution flaws CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015 and the Exchange Server flaw CVE-2023-32031, all of which Microsoft flagged as critical or likely to be exploited.
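The failure class behind the bug, shown as an added generic example (this is not SharePoint's code and not from the original page): Microsoft's advisory attributes CVE-2023-29357 to acceptance of spoofed JWT authentication tokens. The snippet contrasts a verifier that trusts the token's own `alg` header, so an unsigned `alg: none` token carrying whatever claims the attacker likes is accepted, with a hardened verifier that pins the algorithm server-side and requires a valid HMAC signature. The signing key, claim names and helper functions are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed signing key for the example only; a real deployment would load it from a secret store.
SECRET = b"example-signing-key-not-a-real-secret"


def _b64url_decode(s: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    s += "=" * (-len(s) % 4)
    return base64.urlsafe_b64decode(s.encode())


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(claims: dict, alg: str, key: Optional[bytes] = None) -> str:
    """Mint a JWT. alg='none' produces an unsigned token, which is what an attacker would send."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    if alg == "none":
        sig = ""
    elif alg == "HS256":
        sig = _b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest())
    else:
        raise ValueError("unsupported alg")
    return f"{header}.{payload}.{sig}"


def verify_vulnerable(token: str, key: bytes) -> Optional[dict]:
    """Vulnerable pattern: the token's own header decides whether a signature is checked.
    A header of {"alg": "none"} skips verification entirely, so the claims are attacker-controlled."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(p))
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, _b64url_decode(s)):
        return json.loads(_b64url_decode(p))
    return None


def verify_hardened(token: str, key: bytes) -> Optional[dict]:
    """Hardened pattern: the server pins the algorithm it expects, rejects empty signatures,
    and compares the MAC in constant time. Malformed input is rejected rather than raising."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        actual = _b64url_decode(s)
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return None
    if header.get("alg") != "HS256" or not s:
        return None
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, actual):
        return None
    return json.loads(_b64url_decode(p))


def demo() -> dict:
    """Run both verifiers against a forged 'alg: none' token and a legitimately signed one."""
    forged = make_token({"sub": "attacker", "role": "admin"}, "none")
    legit = make_token({"sub": "alice", "role": "user"}, "HS256", SECRET)
    return {
        "vulnerable_accepts_forged": verify_vulnerable(forged, SECRET),
        "hardened_accepts_forged": verify_hardened(forged, SECRET),
        "hardened_accepts_legit": verify_hardened(legit, SECRET),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The hardened verifier never consults the header to choose a verification routine; the algorithm and key are fixed by the server, which is the property the vulnerable SharePoint token validation lacked. The same pinning applies when tokens are asymmetric (RS256 or ES256): decide the algorithm from the key you hold, not from the token.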
The Pwn2Own entry, by Nguyễn Tiến Giang (Jang) of STAR Labs, chained two bugs: CVE-2023-29357 to bypass authentication and obtain administrative privileges, followed by CVE-2023-24955, a code-injection flaw that Microsoft patched in May 2023, to execute code on the server. The two fixes shipped a month apart (May 2023 for CVE-2023-24955, June 2023 for CVE-2023-29357), so a farm that applied only one of them stayed exposed to part of the chain; in particular, the authentication bypass on its own still hands an attacker authenticated privileges even where the code-injection half is patched. Public proof-of-concept code for the bypass appeared later in 2023, and by early 2024 the flaw was being exploited against installations that had not applied the June update, which is why both patches need to be confirmed in place rather than assumed.
On January 11, 2024, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog, its running list of CVEs with evidence of in-the-wild exploitation. Federal civilian agencies must remediate KEV entries by the catalog's due date, and other organizations should treat inclusion as a signal to move the fix to the front of the patch queue. Adam Barnett, lead software engineer at Rapid7, likewise urged organizations to prioritize this critical SharePoint elevation-of-privilege bug.
Description last updated: 2024-05-04T17:13:30.824Z