SharePoint’s Red-Carpet Walk of Shame: New Vulnerability Enters CISA’s Catalogue

In an unfortunate turn of events, Microsoft SharePoint Server has a new vulnerability (CVE-2023-29357), earning it a spot in CISA’s Known Exploited Vulnerabilities Catalog. It is a reminder to all to roll up their sleeves and prioritize patching!

Hot Take:

Well, it seems our dear friend Microsoft SharePoint Server has had a bit of a tumble down the cyber-staircase, with a fresh vulnerability making it into CISA’s Celebrity Vulnerabilities Catalogue. This is not exactly the red-carpet moment we were hoping for. The catalogue, a who’s who of cyber frailty, is a living list of Common Vulnerabilities and Exposures (CVEs), and SharePoint has just earned its spot in this rather infamous hall of fame. Talk about unwanted fame!

Key Points:

  • A new vulnerability, CVE-2023-29357, in Microsoft SharePoint Server has been added to CISA’s Known Exploited Vulnerabilities Catalog.
  • The vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks.
  • The Known Exploited Vulnerabilities Catalog is a part of BOD 22-01, aimed at reducing the significant risk of known exploited vulnerabilities.
  • Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by the due date.
  • While BOD 22-01 only applies to FCEB agencies, CISA strongly encourages all organizations to prioritize timely remediation of Catalog vulnerabilities.

The Back Channel:

Adding to the Not-So-Coveted Collection:

In the latest episode of "What's Vulnerable Now?", the Microsoft SharePoint Server Privilege Escalation Vulnerability, sporting the catchy moniker CVE-2023-29357, has made a bold entrance into CISA's Known Exploited Vulnerabilities Catalog. This catalogue, a virtual little black book of the cyber world's most exploited vulnerabilities, is just not the kind of list you want to be on. But here we are. Buckle up, SharePoint, it's going to be a bumpy ride!

A Binding Directive:

Enter stage left, BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. This directive isn't messing around; it's got a mission and it's sticking to it. Tasked with managing this constantly evolving catalogue of cyber weaknesses, BOD 22-01 is the strict schoolmaster, requiring Federal Civilian Executive Branch (FCEB) agencies to resolve these vulnerabilities by a set deadline. No extensions, no excuses. Just plain old cyber housekeeping.

A Plea to All:

While BOD 22-01 only directly applies to FCEB agencies, CISA is playing the role of the concerned neighbor, urging everyone on the block to prioritize patching up these vulnerabilities. Because, let's face it, nobody wants to be the weakest link in the cyber neighborhood watch. So, let's roll up those sleeves and get patching, people!