Copy
Trading Bots
Events
More

CISA warns of three exploited SharePoint bugs

2026/07/15 23:21Browse 0

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog, warning that attackers are actively exploiting the flaws in the wild. The vulnerabilities — CVE-2024-38094, CVE-2024-38117, and CVE-2024-38118 — affect supported versions of SharePoint Server and SharePoint Foundation. CISA's move signals that these bugs pose a significant risk to federal networks and critical infrastructure.

Vulnerabilities and impact

The three flaws include a remote code execution vulnerability (CVE-2024-38094) that allows an authenticated attacker to run arbitrary code in the context of the SharePoint farm. The other two are elevation-of-privilege bugs: CVE-2024-38117 enables an attacker to gain elevated access, while CVE-2024-38118 could let an authenticated user escape their restricted SharePoint environment. Microsoft patched all three in its July 2024 security update, but CISA's alert confirms that threat actors are now actively exploiting them against unpatched systems.

Response and mitigation

CISA has ordered all U.S. federal civilian agencies to apply the available patches by September 3, 2024, under the Binding Operational Directive 22-01. Private organizations are strongly urged to prioritize patching these SharePoint flaws as well. Given SharePoint's widespread use in enterprise environments for document management and collaboration, unpatched instances present a broad attack surface. Security teams should immediately check for the July 2024 updates and ensure no systems remain vulnerable, as exploitation activity is already underway.

Disclaimer: This page may contain third-party information and does not necessarily reflect BYDFi's views or opinions. This content is for general reference only and does not constitute any representation, warranty, financial advice, or investment advice. BYDFi is not responsible for any errors, omissions, or any results arising from the use of such information. Virtual asset investments involve risks. Please carefully evaluate the risks of the product and your risk tolerance based on your financial situation. For more information, please refer to our Terms of Use and Risk Disclosure.