CVE-2024-43464: Microsoft SharePoint Server Remote Code Execution Vulnerability Mitigation

Published on: 09-20-2024 By Soc Team

CVE-2024-43464 is a critical security vulnerability affecting various versions of Microsoft SharePoint Server. It allows remote code execution (RCE) through the deserialization of untrusted data. This article describes the nature of the vulnerability and provides actionable steps to mitigate its risks.

Summary of CVE-2024-43464

Microsoft disclosed this vulnerability on September 10, 2024, and it affects the following products:

  • Microsoft SharePoint Enterprise Server 2016 (versions less than 16.0.5465.1001)
  • Microsoft SharePoint Server 2019 (versions less than 16.0.10414.20002)
  • Microsoft SharePoint Server Subscription Edition (versions less than 16.0.17928.20086)

The vulnerability is classified as CWE-502: Deserialization of Untrusted Data, which can be exploited to execute arbitrary code on the affected system.

Impact Assessment

Under CVSS v3.1 scoring, CVE-2024-43464 has a base score of 7.2, categorized as HIGH severity. The vector string is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C. The base metrics in this vector indicate:

  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Privileges Required: High (PR:H)
  • User Interaction: None (UI:N)
  • Scope: Unchanged (S:U)
  • Confidentiality Impact: High (C:H)
  • Integrity Impact: High (I:H)
  • Availability Impact: High (A:H)

Mitigation Steps

To mitigate the risks associated with CVE-2024-43464, follow these steps:

  1. Apply Security Updates: Microsoft has released patches addressing this vulnerability. Ensure your SharePoint Server versions are updated to at least:
    • Version 16.0.5465.1001 for SharePoint Enterprise Server 2016
    • Version 16.0.10414.20002 for SharePoint Server 2019
    • Version 16.0.17928.20086 for SharePoint Server Subscription Edition
  2. Verify Installed Versions: Confirm that your servers are running the updated versions. Use the following PowerShell command:
    Get-SPFarm | Select BuildVersion
  3. Review Business Applications: Check all business applications that integrate with SharePoint to ensure they are also updated and configured so that they do not deserialize untrusted data.
  4. Monitor Network Traffic: Implement traffic monitoring to detect any anomalous activities that might suggest exploitation attempts.
  5. User Account Management: Ensure user accounts with high privileges have strict access control and monitoring. Limit the number of users with administrative rights.
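
Steps 1 and 2 can be combined into one check that compares the farm build against the minimum patched build for its product line. The script below is an added example, not code from Microsoft or from the original article; the function names are hypothetical, and inferring the product line from the third version component is an assumption based on the build numbers listed above.

```powershell
# Added example. Run in the SharePoint Management Shell on a farm server.
# Minimum patched builds, copied from the list in step 1.
$MinimumBuild = [ordered]@{
    'SharePoint Enterprise Server 2016'      = [version]'16.0.5465.1001'
    'SharePoint Server 2019'                 = [version]'16.0.10414.20002'
    'SharePoint Server Subscription Edition' = [version]'16.0.17928.20086'
}

function Get-SPProductFromBuild {
    # ASSUMPTION: the product line is inferred from the third version
    # component (5465 -> 2016, 10414 -> 2019, 17928 -> Subscription Edition).
    param([Parameter(Mandatory)][version]$Build)
    if ($Build.Major -ne 16) { return $null }   # not a product covered here
    if     ($Build.Build -lt 10000) { 'SharePoint Enterprise Server 2016' }
    elseif ($Build.Build -lt 14000) { 'SharePoint Server 2019' }
    else                            { 'SharePoint Server Subscription Edition' }
}

function Test-CVE202443464Patched {
    # Returns one object per build with a Patched / VULNERABLE / Unknown status.
    param([Parameter(Mandatory)][version]$Build)
    $product = Get-SPProductFromBuild -Build $Build
    if (-not $product) {
        return [pscustomobject]@{
            Build = $Build; Product = 'Unknown'; Minimum = $null; Status = 'Unknown'
        }
    }
    $min = $MinimumBuild[$product]
    [pscustomobject]@{
        Build   = $Build
        Product = $product
        Minimum = $min
        # [version] comparison is numeric per component, not a string compare.
        Status  = if ($Build -ge $min) { 'Patched' } else { 'VULNERABLE' }
    }
}

if (Get-Command Get-SPFarm -ErrorAction SilentlyContinue) {
    # On a farm server: evaluate the build reported by the command in step 2.
    Test-CVE202443464Patched -Build (Get-SPFarm).BuildVersion
} else {
    # Off-server: constructed sample builds to exercise each outcome.
    '16.0.5465.1001', '16.0.10414.20001', '16.0.17928.20086', '15.0.5000.1000' |
        ForEach-Object { Test-CVE202443464Patched -Build $_ }
}
```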

Conclusion

CVE-2024-43464 is a severe vulnerability that requires immediate attention. By promptly applying security updates and following best practices for monitoring and user account management, organizations can significantly reduce the risk of exploitation. For more details, refer to the official Microsoft advisory.