Title: Microsoft SharePoint Vulnerability Exposed: Hackers Can Remotely Execute Arbitrary Commands
Keywords: Microsoft vulnerability, remote execution, hacker attack
The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning that Microsoft SharePoint contains serious vulnerabilities that hackers can use to remotely execute arbitrary commands. The vulnerability chain reportedly consists of two critical vulnerabilities: a privilege escalation vulnerability and a SharePoint Server remote code execution vulnerability.
According to CISA, existing evidence shows that hackers are exploiting the privilege escalation vulnerability in Microsoft SharePoint which, combined with another "critical"-level vulnerability, allows them to remotely execute arbitrary commands. The privilege escalation vulnerability is tracked as CVE-2023-29357; remote attackers can use spoofed JWT authentication tokens to bypass authentication and obtain administrative privileges on unpatched servers.
Microsoft explained: "Attackers who obtain spoofed JWT authentication tokens can use these tokens to perform network attacks, thereby bypassing authentication and obtaining the same permissions as authenticated users. Successful exploitation of this vulnerability allows an attacker to gain administrator privileges." An attacker can then chain this with CVE-2023-24955, a SharePoint Server remote code execution vulnerability, to inject commands on the SharePoint server and execute arbitrary code.
Jang (Nguyễn Tiến Giang), a researcher at STAR Labs, successfully demonstrated this Microsoft SharePoint Server vulnerability chain at the Pwn2Own competition held in Vancouver last March and won a $100,000 prize. Researchers published a technical analysis on September 25 detailing the exploitation process. Just one day later, a security researcher released a proof-of-concept exploit for CVE-2023-29357 on GitHub.
Source: https://www.ithome.com/0/745/045.htm