Critical Vulnerability Detected in Microsoft SharePoint

A critical vulnerability has been discovered in Microsoft SharePoint, affecting multiple Mexican government entities. Authorities are urged to implement security patches before the deadline to protect sensitive data.


A critical vulnerability was detected in Microsoft SharePoint, software widely used across organizations, including Mexican government agencies. This flaw, identified as CVE-2024-38094, could allow attackers to take control of victims' systems. In an alert, Victor Ruiz, a certified cybersecurity instructor and founder of SILIKN, specified that the vulnerability is rated 7.2 in severity on the CVSS scale, which ranges from 0 to 10.

He also warned that it is already being actively exploited by cyber attackers. This vulnerability is related to an insecure deserialization process, which allows attackers to execute arbitrary code and take remote control of the affected system. In this case, it becomes particularly serious as several government agencies are vulnerable.

According to Microsoft, an attacker with site owner permissions in SharePoint can exploit this vulnerability by injecting and executing malicious code. Although Microsoft released patches in July 2024 as part of its regular security updates, the threat remains, as a proof of concept is publicly available on GitHub, making it easier for other attackers to replicate the attack.

According to SILIKN’s analysis, this situation affects at least 18 government agencies in Mexico that have been identified as vulnerable and must urgently implement updates to mitigate the risks of exploitation. Among these agencies are important entities such as the Mexican Institute of Industrial Property (IMPI), the Attorney General's Office (FGR), and various state government offices, primarily in San Luis Potosí.

The affected organizations have until November 12, 2024, to address the vulnerability by applying the security patches provided by Microsoft. Victor Ruiz emphasizes: "This is because, according to international standards, organizations are expected to fix known and exploited vulnerabilities within a period of 14 calendar days, critical unexploited vulnerabilities within 15 calendar days, and high-severity unexploited vulnerabilities within a maximum of 30 calendar days."

Additionally, institutions must strengthen their audit controls and establish clear identity management systems to reduce the risk of unauthorized access to confidential information. This situation is a reminder of the importance of keeping systems updated and promptly applying security patches to prevent serious incidents that could compromise sensitive data or even paralyze the operations of key public institutions.
