New Exploit Emerges For A Previously Patched SharePoint Vulnerability
Months after Microsoft patched a remote code execution vulnerability in SharePoint, a new way to exploit it has surfaced online. Identified as a separate bug, it again calls for users to apply the available patches.
New SharePoint Vulnerability Exploit Discovered
Security researcher Nguyễn Tiến Giang (Jang) from StarLabs has shared insights about a new exploit for a known SharePoint vulnerability.
Specifically, Microsoft patched a remote code execution vulnerability, CVE-2022-22005, in SharePoint with the February Patch Tuesday updates. As explained at that time, exploiting the vulnerability required the attacker to have authenticated access and page creation permissions.
Upon observing the recent bug, the researcher initially deemed it the same as CVE-2022-22005. However, further analysis showed the newly discovered bug to be a slightly different issue. Identified as CVE-2022-29108, the bug becomes exploitable when an adversary creates a SharePoint List using InfoPath and uploads a malicious file to the target server. Describing the latter step, the researcher stated in his post,
"Upload a file in the Attachments section, with the main file’s content is the gadgetchain that will be used to deserialize, here I use the TypeConfuseDelegate gadget to get RCE."
The other steps to exploit the flaw remained similar to those for exploiting CVE-2022-22005, as detailed by Viettel Security.
A video demonstrates exploitation of the bug as a PoC. The researcher has also shared the relevant technical details about the exploit in his blog post.