PatchSiren cyber security CVE debrief
CVE-2023-24955 Microsoft CVE debrief
CVE-2023-24955 is a Microsoft SharePoint Server code injection vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2024-03-26. CISA also marks it as having known ransomware campaign use. For defenders, that combination means this should be treated as an active exposure requiring prompt mitigation or remediation, not routine backlog work.
- Vendor
- Microsoft
- Product
- SharePoint Server
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2024-03-26
- Original CVE updated
- 2024-03-26
- Advisory published
- 2024-03-26
- Advisory updated
- 2024-03-26
Who should care
Organizations running Microsoft SharePoint Server, especially teams responsible for patching, exposure management, incident response, and ransomware risk reduction. CISA’s KEV listing indicates this vulnerability has been observed in the wild and should be prioritized quickly.
Technical summary
The supplied corpus identifies the issue as a Microsoft SharePoint Server code injection vulnerability. The available authoritative data does not provide a CVSS score in this corpus, but it does show that CISA listed the CVE in the KEV catalog on 2024-03-26 with a remediation due date of 2024-04-16 and notes known ransomware campaign use. The defensive implication is clear: validate whether any SharePoint Server instances are affected, apply vendor mitigations or updates from Microsoft’s security guidance, and reduce exposure where mitigation is not possible.
Defensive priority
High / urgent. KEV inclusion and known ransomware campaign use elevate this from a standard patching item to a time-sensitive remediation priority.
Recommended defensive actions
- Identify all Microsoft SharePoint Server deployments in your environment, including externally reachable and internally hosted instances.
- Review Microsoft’s official guidance for CVE-2023-24955 and apply mitigations or updates referenced there.
- If mitigations are unavailable for a deployment, follow CISA’s guidance to discontinue use of the product or remove the exposed instance until it can be safely remediated.
- Confirm remediation before the CISA KEV due date of 2024-04-16 where possible, and verify that exposed services are no longer vulnerable.
- Monitor for signs of compromise and review incident-response procedures given the known ransomware campaign use flag.
Evidence notes
This debrief is based only on the supplied CISA KEV source item metadata and the official links provided in the corpus. The corpus explicitly states: product = Microsoft SharePoint Server, vulnerability name = Microsoft SharePoint Server Code Injection Vulnerability, dateAdded = 2024-03-26, dueDate = 2024-04-16, and knownRansomwareCampaignUse = Known. The corpus does not include a CVSS score or additional exploit details, so none are inferred here.
Official resources
-
CVE-2023-24955 CVE record
CVE.org
-
CVE-2023-24955 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
-
Source item URL
cisa_kev
CVE published 2024-03-26; CISA KEV added 2024-03-26; CISA remediation due date 2024-04-16. No CVSS score was provided in the supplied corpus.