The actively exploited flaw has been designated CVE-2023-29357 and rated critical by Microsoft. It affects Microsoft SharePoint Server versions 2019 and Subscription Edition. The vulnerability allows an attacker to bypass authentication and gain administrator-level privileges, making it a lucrative entry point for threat actors targeting corporate networks.

🔍 How the Exploit Works

According to Microsoft’s advisory and various security researchers, the vulnerability enables attackers to exploit a token validation flaw in SharePoint’s claims-based authentication. Once inside, attackers can manipulate access tokens and perform unauthorized operations such as uploading malicious files or accessing sensitive data across SharePoint sites.

⚠️ Active Exploitation Confirmed

Multiple cybersecurity firms, including Palo Alto Networks' Unit 42 and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), have confirmed that the vulnerability is being actively exploited in the wild. CISA has even added CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog, which mandates federal agencies to apply patches by August 5, 2025.

🛠️ Microsoft Urges Immediate Patching

Microsoft has released security updates addressing the vulnerability in its June 2023 Patch Tuesday rollout. Admins are strongly advised to install the updates without delay, as delaying patches could lead to system compromise, data theft, or broader network breaches.

📎 Official Microsoft Security Advisory:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357

📎 CISA Alert Page:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

🏢 Who is at Risk?

Organizations running unpatched versions of Microsoft SharePoint Server, particularly those in government, healthcare, and finance sectors, are especially vulnerable. The flaw could be used in supply chain attacks or lateral movement within compromised networks. Experts urge administrators to also monitor logs for suspicious SharePoint access patterns.

🔐 Security Best Practices Recommended

• Apply security patches immediately

• Monitor for anomalous SharePoint activity

• Enforce multi-factor authentication (MFA)

• Restrict admin privileges and segment networks

• Regularly audit SharePoint logs and permissions

Conclusion

With SharePoint being a cornerstone of enterprise collaboration, this vulnerability serves as a critical reminder of the growing sophistication of cyberattacks targeting core infrastructure. Timely action, patching, and vigilance are essential to prevent devastating breaches.