A new SharePoint vulnerability is already being exploited
Attackers are exploiting a recently disclosed remote code execution vulnerability in Microsoft SharePoint to gain initial access to corporate networks.
SharePoint’s main role in the Microsoft 365 ecosystem is for building intranets and dedicated web applications to support organizational processes. It is also used to build websites, and to gather together files in SharePoint teams connected to the Microsoft Teams communicator.
CVE-2024-38094 is a high-severity remote code execution (RCE) vulnerability that affects Microsoft SharePoint. Microsoft fixed the vulnerability on July 9, 2024 as part of July’s Patch Tuesday package, marking it as “important”.