Microsoft’s June Patch Tuesday Drops a SharePoint RCE Bomb and a Zero-Day – Don’t Sleep On This!
Microsoft just rolled out its June 2024 Patch Tuesday, and it’s a big one. Among the 51 vulnerabilities addressed, a critical Remote Code Execution (RCE) in SharePoint and a zero-day privilege escalation bug stand out, demanding immediate attention from IT pros and developers alike.
The star of the show (or nightmare) is CVE-2024-30103, a critical RCE affecting Microsoft SharePoint Server. This flaw could allow an authenticated attacker to execute arbitrary code with elevated privileges by manipulating API requests. What’s more, Microsoft also patched CVE-2024-30080, an OAuth 2.0 zero-day privilege escalation vulnerability that was actively exploited in the wild, allowing attackers to gain SYSTEM privileges.[1]
If you’re running SharePoint, you need to be patching yesterday. An RCE of this magnitude means attackers can essentially take over your server, leading to data breaches, system compromise, or complete network disruption. The OAuth zero-day being actively exploited adds another layer of urgency; attackers are already leveraging this weakness to elevate privileges, making it easier to move laterally and deepen their access within compromised environments. For developers, this is a stark reminder to keep authentication and authorization mechanisms under tight scrutiny and to prioritize security updates.
Seriously, stop reading, start patching. These aren’t “maybe later” kind of vulnerabilities. With an RCE in a widely used enterprise collaboration tool and an actively exploited zero-day, delaying could cost you big. Get those updates deployed, now!
