SharePoint Authentication bypass (CVE-2023-29357)
Description
Microsoft SharePoint Server contains a critical authentication bypass vulnerability (CVE-2023-29357) that allows attackers to circumvent authentication mechanisms using a maliciously crafted JSON Web Token (JWT). This vulnerability affects the server's token validation process, enabling unauthorized access without requiring valid credentials. Successful exploitation grants attackers the same level of access as authenticated users, potentially leading to complete system compromise.
Remediation
Apply the security updates provided by Microsoft immediately. Follow these steps:
1. Identify all SharePoint Server instances in your environment, including version numbers
2. Download and install the appropriate security update from the Microsoft Security Response Center (MSRC) for CVE-2023-29357
3. For SharePoint Server 2019, install the June 2023 or later security update
4. For SharePoint Server Subscription Edition, install the June 2023 or later security update
5. Restart SharePoint services after applying patches
6. Verify the patch installation by checking the SharePoint version number
7. Review authentication logs for any suspicious JWT token usage or unauthorized access attempts prior to patching
8. If immediate patching is not possible, consider implementing network-level controls to restrict SharePoint access to trusted IP addresses only as a temporary mitigation