PatchSiren cyber security CVE debrief
CVE-2023-29357 Microsoft CVE debrief
CVE-2023-29357 is a Microsoft SharePoint Server privilege escalation vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-01-10. The KEV entry marks it as known to be used in ransomware campaigns and sets a remediation due date of 2024-01-31. The supplied corpus does not provide a CVSS score, so defensive urgency here is driven by KEV status and ransomware risk rather than a published severity value.
- Vendor: Microsoft
- Product: SharePoint Server
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2024-01-10
- Original CVE updated: 2024-01-10
- Advisory published: 2024-01-10
- Advisory updated: 2024-01-10
Who should care
SharePoint Server administrators, vulnerability management teams, SOC analysts, incident responders, and organizations that rely on Microsoft SharePoint Server, especially those with internet-facing deployments or ransomware-focused risk profiles.
Technical summary
The source corpus identifies CVE-2023-29357 as a Microsoft SharePoint Server privilege escalation issue. CISA’s KEV metadata states that the vulnerability is known to be exploited and that known ransomware campaign use exists. CISA’s required action is to apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable. No CVSS score is included in the supplied data.
Defensive priority
High priority; treat as urgent and address before the KEV due date of 2024-01-31, or as soon as operationally possible.
Recommended defensive actions
- Inventory all Microsoft SharePoint Server instances and confirm whether any are affected or exposed.
- Review Microsoft’s vulnerability guidance for CVE-2023-29357 and apply the vendor-recommended mitigations promptly.
- If mitigations are unavailable, follow CISA guidance to discontinue use of the product until a safe path is available.
- Prioritize exposed or externally reachable SharePoint Server deployments in remediation scheduling.
- Monitor for unusual privilege changes, administrative activity, and other signs of compromise on SharePoint hosts and connected accounts.
- Validate backup and incident-response readiness in case the environment has already been targeted.
Evidence notes
Supported facts from the supplied corpus: CISA KEV lists CVE-2023-29357 as a Microsoft SharePoint Server privilege escalation vulnerability; dateAdded is 2024-01-10; dueDate is 2024-01-31; knownRansomwareCampaignUse is marked Known; and the required action is to apply vendor mitigations or discontinue use if mitigations are unavailable. The corpus also includes references to the Microsoft MSRC update guide and NVD entry, but it does not include a CVSS score.
Official resources
- CVE-2023-29357 CVE record (CVE.org)
- CVE-2023-29357 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Source item URL: cisa_kev
Publicly identified in the CVE record and added to CISA’s Known Exploited Vulnerabilities catalog on 2024-01-10.