Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US’s must-patch list. Without specifically identifying the gang, researcher Kevin Beaumont said that at least one ransomware group has a working exploit for the critical vulnerability, which can potentially achieve remote code execution (RCE) although the US Cybersecurity and Infrastructure Security Agency (CISA) said its use in ransomware campaigns is currently “unknown.”

Source: The Register