Jump to the main content block
  1. Home
  2. Hot News

【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2023-24955) in Microsoft SharePoint Server - Please Verify and Patch Immediately!

publish date : 2024-04-02 update date : 2024-04-15

Source: Ministry of education information & communication security contingency platform

Publication Number TACERT-ANA-2024040111041313 Publication Time 2024/03/29 11:12
Incident Type ANA-Vulnerability Alert Discovery Time 2024/04/01 11:12
Impact Level Medium    
[Subject]
【Vulnerability Alert】High-Risk Security Vulnerability (CVE-2023-24955) in Microsoft SharePoint Server - Please Verify and Patch Immediately!
[Content]
Forwarded from the National Institute of Cyber SecurityNISAC-200-202403-00000069

Researchers have discovered a code injection (Code Injection) vulnerability (CVE-2023-24955) in Microsoft SharePoint Server. Remote attackers with administrator privileges can exploit this vulnerability to execute arbitrary code on the system. This vulnerability is currently being exploited by hackers. Please verify and patch it as soon as possible.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
● Microsoft SharePoint Server Subscription Edition
● Microsoft SharePoint Server 2019
● Microsoft SharePoint Enterprise Server 2016"
[Recommended Actions]
The official patch for the vulnerability has been released. Please refer to the following link for patch information:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955
[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print