Microsoft SharePoint Vulnerability Disclosure

Recently, Microsoft had to patch several SharePoint vulnerabilities that could have allowed remote code execution by a user with “Site Owner” privileges. Highly privileged user access needs to happen via secure APIs to ensure protection against cases like these.

API security is a topic of high priority in 2024. At FireTail, we’ve been seeing a rapid increase in the volume of API attacks, and this is only projected to continue in the years to come as we grow more and more reliant on APIs to power the modern internet.

And when it comes to attacks, vulnerabilities, and risks, larger tech companies are far from exempt. Recently, researchers discovered not one, not two, but three vulnerabilities in Microsoft SharePoint, a shareable content platform run by Microsoft.

The vulnerabilities

The vulnerabilities have been classified as deserialization vulnerabilities. Deserialization attacks occur when an application deserializes untrusted data and an attacker exploits that process by supplying crafted input.

“An authenticated attacker with Site Owner permissions can use the vulnerabilities to inject arbitrary code and execute this code in the context of SharePoint Server.”

There were three different CVEs, all of the same vulnerability class but each targeting a different component. Each of these vulnerabilities could have resulted in remote code execution, but as far as we know, only one of them has been exploited in the wild.

To add to this risk, the PoC (proof of concept) is in the public domain, meaning that anyone online can access and attempt to use this information in an attack. According to SOCRadar:

"The PoC script [...] automates authentication to a target SharePoint site using NTLM, creates a specific folder and file, and sends a crafted XML payload to trigger the vulnerability in the SharePoint client API."

By abusing the deserialization process, the attacker could make the server execute commands via an encoded string.
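The standard defence against this class of bug is to never let the payload choose which type gets built. The sketch below is an added example, not SharePoint's code and not part of the PoC; it goes beyond the SharePoint case to show the general allowlist pattern in Python, and the XML format, class names and sample payloads are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, fields

@dataclass
class FolderRequest:
    name: str

@dataclass
class FileRequest:
    folder: str
    name: str

# Allowlist: the only types an incoming payload may instantiate.
ALLOWED_TYPES = {"FolderRequest": FolderRequest, "FileRequest": FileRequest}

class RejectedPayload(ValueError):
    """Payload named a type or field outside the allowlist."""

def deserialize(xml_text):
    """Parse <object type="T"><field name="f">value</field>...</object>."""
    root = ET.fromstring(xml_text)
    if root.tag != "object":
        raise RejectedPayload(f"unexpected root element: {root.tag!r}")
    # The type name is untrusted input: use it only as a dictionary key,
    # never resolve it dynamically (importlib, getattr, eval).
    type_name = root.get("type", "")
    cls = ALLOWED_TYPES.get(type_name)
    if cls is None:
        raise RejectedPayload(f"type not allowed: {type_name!r}")
    values = {f.get("name"): (f.text or "") for f in root.findall("field")}
    if set(values) != {f.name for f in fields(cls)}:
        raise RejectedPayload(f"unexpected fields for {type_name}")
    return cls(**values)

# Constructed sample payloads, not taken from the PoC or from SharePoint.
BENIGN = '<object type="FolderRequest"><field name="name">reports</field></object>'
HOSTILE = '<object type="subprocess.Popen"><field name="args">x</field></object>'

def demo():
    """Return one result line per sample payload."""
    out = []
    for payload in (BENIGN, HOSTILE):
        try:
            out.append(f"accepted: {deserialize(payload)!r}")
        except RejectedPayload as exc:
            out.append(f"rejected: {exc}")
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```

The second payload is refused before any object is constructed, because its type name is not a key in the allowlist.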

Takeaways

API security is a pressing issue across all industries, even for tech giants like Microsoft, who recently had to patch multiple deserialization vulnerabilities in their SharePoint platform which could have allowed bad actors to execute privileged actions. As API use continues to rise, attacks are growing in number and becoming more complex every day. Take charge of your API security with FireTail today: schedule a free demo here, or start a free trial now.