Expert Comment: CISA Urges Patching of Exploited SharePoint Vuln during 1st Patch Tuesday Week
January 2024 by Sylvain Cortes, VP Strategy at Hackuity
In the week of the first Patch Tuesday of the year, CISA has issued a warning about a SharePoint vulnerability that is being exploited even though a patch for it was released last year.
Sylvain Cortes, VP Strategy at Hackuity, points out below how the scenario underpins the need for organisations to consider the bigger vulnerability picture…
“As we start the year with news that CISA issued a warning on a SharePoint vulnerability that’s being exploited in the wild, it’s also a timely reminder that we need to consider the bigger picture with how teams manage and prioritise risks. Because the context around these vulnerabilities is just as important.
The warning from CISA comes after a relatively quiet rollout to the first Patch Tuesday of 2024 in which 49 CVE-numbered vulnerabilities were patched, two being highly critical.
Monitoring and managing the vulnerabilities that pose the most risk to your network is of course essential. But the race to install patches before attackers exploit them also needs a balanced approach. As we start this year with the first batch of CVEs reported, our advice is straightforward: everything can’t be ‘urgent and important’. So, focus on the basics: centralise information on vulnerabilities, understand them, and then prioritise the remediation approach.”