The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical security flaw in Microsoft SharePoint Server [1] [2], known as CVE-2023-29357 [1] [2] [3] [5] [6]. This flaw allows attackers to gain unauthorized access and potentially obtain administrator privileges. CISA has evidence of active exploitation of this vulnerability and advises users to apply specific updates to protect against active threats.


CVE-2023-29357 is a privilege escalation vulnerability in Microsoft SharePoint Server that has been included in CISA’s list of Known Exploited Vulnerabilities (KEV). This flaw has a CVSS score of 9.8, indicating its severity [1]. By exploiting this vulnerability [1] [4], attackers can gain access to the privileges of an authenticated user [4]. Despite Microsoft issuing a patch in June, the vulnerability is still being actively exploited [6]. CISA recommends updating systems by January 31 to mitigate the risk of monetary loss, reputational damage [4], and data loss [4].


The exploitation of CVE-2023-29357 can have significant impacts on organizations, including financial losses, damage to reputation, and compromised data. To protect against active threats [3], it is crucial to apply the specific updates recommended by CISA. While the Binding Operational Directive 22-01 only applies to Federal Civilian Executive Branch agencies [7], CISA strongly urges all organizations to prioritize timely remediation of Catalog vulnerabilities to reduce their exposure to cyberattacks [7]. It is essential to address this vulnerability promptly to mitigate risks and ensure the security of systems and data.