Treasury says it found malware on SharePoint website for Infrastructure Reporting Model

[Jan]

Treasury says it found malware on SharePoint website for Infrastructure Reporting Model

The South African National Treasury has discovered malware on its Infrastructure Reporting Model website, which is its online infrastructure reporting and monitoring system.

Treasury indicated that the issue was related to the recent attacks on SharePoint, a widely used web-based platform developed by Microsoft for collaboration and document management.

 

[now05ster]

Et tu, CCP?

 

[w1z4rd]

Sharepoint has been vulnerable for a while now. Well the self hosted ones. Why not patch?

 

[Nod]

Source: https://arstechnica.com/security/20...he-sharepoint-threat-under-mass-exploitation/

Q: Why is the vulnerability being dubbed ToolShell?
A: ToolShell was the name given to a pair of vulnerabilities used in an exploit chain that was demonstrated at the Pwn2Own hacking competition in Berlin in May. The exploit was able to execute code on SharePoint servers without requiring authentication.
The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The researcher said he picked the name because it exploited ToolPane.aspx, a component for assembling the side panel view in the SharePoint user interface.
Anh’s attack was an authentication bypass that allowed the researcher to manipulate an insecure deserialization routine. Serialization is a coding process that translates data structures and object states into formats that can be stored or transmitted and then reconstructed later. Deserialization is the process in reverse.

Microsoft fixed the vulnerability pair—CVE-2025-49706 and CVE-2025-49704—two weeks ago as part of the company's monthly update release. As the world learned over the weekend, the patches were incomplete, a lapse that opened organizations around the world to the new attacks.

 

[Justanotherguybythesea]

To be fair MS only released some patches very recently and only partially patched one major vuln.
Share point on prem must be one of the biggest waste of money.

Patching would assume that they actually had competent staff, and also that said staff were active in the organisation, and not stuck in endless meetings and work to meet ever changing regulations and fads of the day, and also actually had the tools to do their work properly.

 

[Justanotherguybythesea]

Not sure I’m following: do you work for MS?

No, I have met government IT service workers, and they do tend to spend a lot of time doing non core work to meet vague metrics not connected to the actual work.