Microsoft issues patch for SharePoint vulnerabilities

What happened – On April 10, Tech Radar Pro reported on two new techniques that exploit vulnerabilities in Microsoft SharePoint, allowing hackers to steal large numbers of SharePoint files while evading detection.  

  • The first technique exploits the ‘open in app’ SharePoint feature, giving the hacker access via Powershell script of manually.
    • This technique allows the hacker to steal files without displaying a “FileDowloaded” event, therefore hiding the fact that files were exfiltrated. 
  • The second technique exploits SkyDriveSync, which enables file sync between SharePoint and the local computer.
    • The hacker steals files while making it look like an innocent sync took place between SharePoint and the user’s local device.
  • Microsoft released a patch to address these vulnerabilities in April 2024.  

How to mitigate risk from this vulnerability: 

  • Install Microsoft patches at least monthly.  
  • Ensure a process is in place to identify and deploy critical patches outside of the normal patching schedule. 

Read: Double zero-day malware patch released by Microsoft | TechRadar.
Read: CVE-2024-26251 – Security Update Guide – Microsoft – Microsoft SharePoint Server Spoofing Vulnerability. 

Get smart and take action – Drawbridge makes cybersecurity easy for Alternative Investment and Wealth Managers. Contact one of our representatives to learn more.

Contact Us For More Information