Microsoft SharePoint flaw exploited to hack corporate networks


Hackers were spotted abusing a high-severity vulnerability in Microsoft SharePoint to gain access to corporate IT infrastructure.

A report from cybersecurity researchers Rapid7 revealed how unnamed cybercriminals leveraged a flaw tracked as CVE-2024-38094 to establish initial access on the target’s network.

This is a remote code execution (RCE) flaw in SharePoint, Microsoft’s web-based platform for collaboration and document management, with a severity score of 7.2, and was fixed in mid-July 2024 as part of a Patch Tuesday cumulative update.

Advanced reasoning

The vulnerability allowed the crooks to access the network, where they dwelled for two weeks.

During that time, they used a Fast Reverse Proxy to establish an outbound connection, ran Active Directory (AD) enumeration tools, and engaged in credential dumping via multiple tools such as NTDSUtil and Mimikatz.

Finally, they installed a Chinese antivirus solution to degrade, or disable, security tools on systems.

“This involved the service account installing the Horoung Antivirus (AV) software, which was not an authorized software in the environment,” the researchers said in the blog post.


“For context, Horoung Antivirus is a popular AV software in China that can be installed from Microsoft Store. Most notably, the installation of Horoung caused a conflict with active security products on the system. This resulted in a crash of these services. Stopping the system’s current security solutions allowed the attacker freedom to pursue follow-on objectives thus relating this malicious activity to Impairing Defenses.”

In the meantime, the US Cybersecurity and Infrastructure Security Agency (CISA) added the RCE flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a tight deadline to address the flaw, or stop using SharePoint entirely.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
