What happened – On April 10, Tech Radar Pro reported on two new techniques that exploit vulnerabilities in Microsoft SharePoint, allowing hackers to steal large numbers of SharePoint files while evading detection.
- The first technique exploits the ‘open in app’ SharePoint feature, giving the hacker access via Powershell script of manually.
- This technique allows the hacker to steal files without displaying a “FileDowloaded” event, therefore hiding the fact that files were exfiltrated.
- The second technique exploits SkyDriveSync, which enables file sync between SharePoint and the local computer.
- The hacker steals files while making it look like an innocent sync took place between SharePoint and the user’s local device.
- Microsoft released a patch to address these vulnerabilities in April 2024.
How to mitigate risk from this vulnerability:
- Install Microsoft patches at least monthly.
- Ensure a process is in place to identify and deploy critical patches outside of the normal patching schedule.
Read: Double zero-day malware patch released by Microsoft | TechRadar.
Read: CVE-2024-26251 – Security Update Guide – Microsoft – Microsoft SharePoint Server Spoofing Vulnerability.
Get smart and take action – Drawbridge makes cybersecurity easy for Alternative Investment and Wealth Managers. Contact one of our representatives to learn more.
