CVE-2024-43464
Deserialization of Untrusted Data (CWE-502)
Published: Sep 10, 2024
010
CVSS 7.2EPSS 0.05%High
CVE info copied to clipboard
Summary
Microsoft SharePoint Server Remote Code Execution Vulnerability. This vulnerability is associated with the deserialization of untrusted data (CWE-502). It affects Microsoft SharePoint Server versions 2019, 2016, and the subscription edition.
Impact
This vulnerability allows for remote code execution with high impact on confidentiality, integrity, and availability. An attacker can exploit this vulnerability over the network without user interaction, potentially leading to unauthorized access, data manipulation, or service disruption. The attack complexity is low, but it requires high privileges to execute.
Exploitation
There is no evidence that a public proof-of-concept exists. Its exploitation has been reported by various sources, including pcworld.com.
Patch
A patch is available. Microsoft released the patch on September 10, 2024. It can be obtained from the Microsoft Security Response Center (MSRC) update guide.
Mitigation
1. Apply the security update provided by Microsoft as soon as possible. 2. Implement network segmentation to limit access to SharePoint servers. 3. Monitor for suspicious activities related to deserialization processes. 4. Ensure that SharePoint servers are not directly exposed to the internet if not necessary. 5. Apply the principle of least privilege for SharePoint server access. 6. Keep all SharePoint server components and dependencies up to date.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Timeline
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (110475)
Sep 10, 2024 at 7:53 AM
CVSS
A CVSS base score of 7.2 has been assigned.
Sep 10, 2024 at 4:55 PM / microsoft
First Article
Feedly found the first article mentioning CVE-2024-43464. See article
Sep 10, 2024 at 5:11 PM / Microsoft Security Response Center
CVE Assignment
NVD published the first details for CVE-2024-43464
Sep 10, 2024 at 5:15 PM
CVSS Estimate
Feedly estimated the CVSS score as HIGH
Sep 10, 2024 at 5:34 PM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (206905)
Sep 10, 2024 at 11:16 PM
EPSS
EPSS Score was set to: 0.05% (Percentile: 20%)
Sep 11, 2024 at 10:12 AM
Exploitation in the Wild
Attacks in the wild have been reported by PCWorld. See article
Sep 11, 2024 at 3:50 PM / PCWorld
Threat Intelligence Report
CVE-2024-43464 is a critical remote code execution vulnerability affecting Microsoft SharePoint Server. The details regarding exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors are not provided in the given information. Further investigation is necessary to assess the full scope and implications of this vulnerability. See article
Sep 23, 2024 at 2:37 PM
Affected Systems
Microsoft/sharepoint_server
+null more
Patches
Microsoft
+null more
Attack Patterns
CAPEC-586: Object Injection
+null more
References
September 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
Windows TCP/IP CVE-2024-21416 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-26186 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-26191 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Security Zone Mapping CVE-2024-30073 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37335 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37337 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37338 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37339 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37340 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37341 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37342 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37965 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37966 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-37980 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Installer CVE-2024-38014 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No Microsoft Office SharePoint CVE-2024-38018 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows TCP/IP CVE-2024-38045 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows PowerShell CVE-2024-38046 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Address Translation (NAT) CVE-2024-38119 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Network Watcher CVE-2024-38188 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Web Apps CVE-2024-38194 8.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Stack CVE-2024-38216 8.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mark of the Web (MOTW) CVE-2024-38217 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:F/RL:O/RC:C Exploitation Detected Yes No No Azure Stack CVE-2024-38220 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Dynamics Business Central CVE-2024-38225 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office Publisher CVE-2024-38226 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No Microsoft Office SharePoint CVE-2024-38227 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office SharePoint CVE-2024-38228 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Standards-Based Storage Management Service CVE-2024-38230 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Remote Desktop Licensing Service CVE-2024-38231 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Virtualization CVE-2024-38232 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Network Virtualization CVE-2024-38233 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Network Virtualization CVE-2024-38234 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Role: Windows Hyper-V CVE-2024-38235 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows DHCP Server CVE-2024-38236 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Microsoft Streaming Service CVE-2024-38237 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38238 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Kerberos CVE-2024-38239 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Access Connection Manager CVE-2024-38240 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Streaming Service CVE-2024-38241 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38242 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38243 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38244 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Streaming Service CVE-2024-38245 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Win32K - GRFX CVE-2024-38246 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Graphics Component CVE-2024-38247 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Storage CVE-2024-38248 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Graphics Component CVE-2024-38249 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Graphics Component CVE-2024-38250 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Win32K - ICOMP CVE-2024-38252 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Win32K - ICOMP CVE-2024-38253 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Authentication Methods CVE-2024-38254 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel-Mode Drivers CVE-2024-38256 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows AllJoyn API CVE-2024-38257 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38258 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Management Console CVE-2024-38259 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38260 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38263 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-43454 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-43455 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Setup and Deployment CVE-2024-43457 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Network Virtualization CVE-2024-43458 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows MSHTML Platform CVE-2024-43461 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office Visio CVE-2024-43463 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office SharePoint CVE-2024-43464 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office Excel CVE-2024-43465 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office SharePoint CVE-2024-43466 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Remote Desktop Licensing Service CVE-2024-43467 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure CycleCloud CVE-2024-43469 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Network Watcher CVE-2024-43470 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No SQL Server CVE-2024-43474 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Admin Center CVE-2024-43475 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Dynamics 365 (on-premises) CVE-2024-43476 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Power Automate CVE-2024-43479 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Outlook for iOS CVE-2024-43482 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mark of the Web (MOTW) CVE-2024-43487 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C Exploitation More Likely Yes No No Windows Update CVE-2024-43491 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Detected Yes No No Microsoft AutoUpdate (MAU) CVE-2024-43492 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Libarchive CVE-2024-43495 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
September 2024 Threat Advisory – Top 5
Initial Access : Peach Sandstorm uses password spray attacks or social engineering on platforms like LinkedIn to target multiple accounts at once, minimizing detection and maximizing access. This vulnerability could allow a remote attacker with network access to exploit the DCERPC protocol and compromise the vCenter Server.
News
CVE-2024-43464 Microsoft SharePoint Server Remote Code Execution Vulnerability
Critical RCE Vulnerability in Microsoft SharePoint Could Lead to Malicious Attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability in Microsoft SharePoint. “An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server,” Microsoft explained in a security advisory .
SharePoint Servers Hit by Exploits as Microsoft Scrambles to Patch
A vulnerability in Microsoft SharePoint servers has turned into a major security threat, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding the flaw to its Known Exploited Vulnerabilities (KEV) list. Identified as CVE-2024-38094, the deserialization flaw allows attackers with sufficient permissions to run arbitrary code remotely, posing a serious risk to unpatched systems.
Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch
A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA). "An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," according to the July 9 security update .
September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs
Severity CVSS Score CVE Description Critical 9.8 CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability Microsoft Windows Update received a patch for CVE-2024-43491, which has a severity of Critical and a CVSS score of 9.8 .
See 71 more articles and social media posts