Attackers are exploiting a recently disclosed distant code execution vulnerability in Microsoft SharePoint to realize initial access to corporate networks.
SharePoint’s major role within the Microsoft 365 ecosystem is for constructing intranets and dedicated web applications to support organizational processes. It is usually used to construct web sites, and to collect together files in SharePoint teams connected to the Microsoft Teams communicator.
CVE-2024-38094 is a high-severity distant code execution (RCE) vulnerability that affects Microsoft SharePoint. Microsoft fixed the vulnerability on July 9, 2024 as a part of July’s Patch Tuesday package, marking it as “vital”.
