TechRadar
Sead Fadilpašić

Microsoft SharePoint flaw exploited to hack corporate networks


Hackers were spotted abusing a high-severity vulnerability in Microsoft SharePoint to gain access to corporate IT infrastructure.

A report from cybersecurity researchers Rapid7 revealed how unnamed cybercriminals leveraged a flaw tracked as CVE-2024-38094 to establish initial access on the target’s network.

This is a remote code execution (RCE) flaw in SharePoint, Microsoft’s web-based platform for collaboration and document management, with a severity score of 7.2. It was fixed in mid-July 2024 as part of a Patch Tuesday cumulative update.

Advanced reasoning

The vulnerability allowed the crooks to access the network, where they dwelled for two weeks.

During that time, they used a Fast Reverse Proxy to establish an outbound connection, ran Active Directory (AD) enumeration tools, and engaged in credential dumping via multiple tools such as NTDSUtil and Mimikatz.

Finally, they installed a Chinese antivirus solution to degrade, or disable, security tools on systems.

“This involved the service account installing the Horoung Antivirus (AV) software, which was not an authorized software in the environment,” the researchers said in the blog post.

“For context, Horoung Antivirus is a popular AV software in China that can be installed from Microsoft Store. Most notably, the installation of Horoung caused a conflict with active security products on the system. This resulted in a crash of these services. Stopping the system’s current security solutions allowed the attacker freedom to pursue follow-on objectives thus relating this malicious activity to Impairing Defenses.”

In the meantime, the US Cybersecurity and Infrastructure Security Agency (CISA) added the RCE flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a tight deadline to address the flaw, or stop using SharePoint entirely.

Via BleepingComputer
