Security Snippets: Microsoft SharePoint vulnerability to watch out for

Hogan Lovells

Hogan Lovells [co-author: Rachel Dalton]

CISA has flagged a vulnerability in Microsoft SharePoint as being actively exploited.


A vulnerability in Microsoft SharePoint is being actively exploited, according to CISA’s Known Exploited Vulnerabilities (KEV) catalogue. This defect, tracked as CVE-2023-29357, is an elevation of privilege flaw: it allows threat actors to gain administrator privileges on SharePoint servers. User interaction does not appear to be required for successful exploitation of this vulnerability. NIST gave CVE-2023-29357 a severity score of 9.8 out of 10.

Microsoft was aware of CVE-2023-29357 and released a patch in June of 2023. However, some SharePoint servers are not receiving automatic updates or might have otherwise fallen through the cracks. It may be helpful for security teams to confirm that they have no unpatched instances of SharePoint in their environments. CISA recommends patching the vulnerability by January 31, 2024, in order to secure against the active threat.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hogan Lovells | Attorney Advertising
