UPDATE: A critical security vulnerability in Microsoft’s SharePoint server software has been exploited by hackers in active attacks targeting various government and business entities worldwide. Microsoft has swiftly responded by issuing an emergency security patch late Sunday night, highlighting the urgency of the situation.

The vulnerability affects organizations that host SharePoint on their own servers, while users of Microsoft 365 cloud services remain unaffected. According to reports from U.S. federal agencies and security researchers, the flaw has already impacted multiple institutions, including state agencies and universities.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed its awareness of the situation, stating, “We are aware of active exploitation of a new vulnerability enabling unauthorized access to on-premise SharePoint servers.” This vulnerability allows malicious actors to access file systems and internal configurations and to execute code over networks, posing a significant threat.

Microsoft’s security patch specifically addresses the latest versions of SharePoint, namely the SharePoint Subscription Edition and SharePoint 2019. However, a fix for the older SharePoint 2016 version is still in the works, leaving many organizations vulnerable. A Microsoft spokesperson emphasized that the company has been coordinating closely with CISA and other cybersecurity partners in response to this security breach.

The situation escalated over the weekend when Dutch cybersecurity firm Eye Security first reported the zero-day attack. Their team scanned over 8,000 SharePoint servers and identified dozens of systems that were actively compromised. Reports indicate that these attacks occurred in two significant waves on July 18 and 19, 2023.

In light of this urgent threat, Microsoft has advised affected users to consider disconnecting their servers from the internet until a security update for SharePoint 2016 becomes available.

As the situation continues to develop, organizations relying on SharePoint are urged to prioritize security measures and stay informed on further updates from Microsoft and CISA. This incident highlights the critical importance of cybersecurity in an increasingly interconnected world.

Stay tuned for more updates as authorities work to mitigate these risks and protect sensitive data.