A serious vulnerability affecting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), following evidence of active exploitation.
Tracked as CVE-2024-38094, this flaw has a CVSS score of 7.2 and is identified as a deserialization vulnerability. It poses a risk of remote code execution.
In a statement regarding the vulnerability, Microsoft noted, "An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server."
Microsoft released patches for the vulnerability in its July 2024 Patch Tuesday updates. The risk is heightened by the public availability of proof-of-concept (PoC) exploits.
According to SOCRadar, "The PoC script automates authentication to a target SharePoint site using NTLM, creates a specific folder and file, and sends a crafted XML payload to trigger the vulnerability in the SharePoint client API."
While there are no known reports of CVE-2024-38094 being exploited in the wild, Federal Civilian Executive Branch (FCEB) agencies are required to apply the latest patches by November 12, 2024, to mitigate the risk.
In another significant development, Google's Threat Analysis Group (TAG) disclosed that a now-patched zero-day vulnerability in Samsung’s mobile processors has also been weaponized in an exploit chain, achieving arbitrary code execution.
This vulnerability, tracked as CVE-2024-44068 with a CVSS score of 8.1, was addressed on October 7, 2024. Samsung described the flaw as a "use-after-free vulnerability in the mobile processor leading to privilege escalation."
Although Samsung's advisory does not indicate exploitation in the wild, Google TAG researchers Xingyu Jin and Clement Lecigne said, "The actor is able to execute arbitrary code in a privileged cameraserver process." They also highlighted that the exploit renamed the process to vendor.samsung.hardware.camera.provider@3.0-service, likely for anti-forensic purposes.
These disclosures come amidst a new proposal from CISA, which outlines a set of security requirements aimed at preventing bulk access to sensitive U.S. personal or government-related data by countries of concern or specific individuals.
The proposal mandates that organizations must remediate known exploited vulnerabilities within 14 calendar days, address critical vulnerabilities without exploits within 15 days, and fix high-severity vulnerabilities without exploits within 30 days.
To ensure compliance, CISA stated, "It is necessary to maintain audit logs of such accesses and implement organizational processes to utilize those logs. Additionally, organizations must develop identity management processes to control access to sensitive data."