Марія Бровінська | Hot News
21 July 2025, 12:44
Hackers attacked Microsoft servers: what is known about the zero-day attack, spoofing, and what are the consequences
Microsoft has suffered a cyberattack on its SharePoint server software, which is used by government agencies and businesses to share documents within organizations. The attack allows hackers to gain full access to file systems and internal settings and to run malicious code. What should the company’s customers do?
The FBI is aware of the attacks and is working with federal and private partners to investigate them, The Washington Post reports. Details are not being released at this time.
According to the publication, in recent days hackers have exploited a previously unknown vulnerability, a so-called "zero-day attack", that allowed them to target government and international organizations. Tens of thousands of servers are at risk.
Microsoft clarified that the attack only affects on-premises SharePoint servers running within organizations. The cloud-based version — SharePoint Online in Microsoft 365 — was not affected.
The company noted that the vulnerability allows an authorized attacker to perform spoofing (identity substitution) on the network, which could lead to manipulation or deception of financial institutions and government agencies.
A security update has already been released for SharePoint Subscription Edition, and Microsoft is urging users to install it as soon as possible. Updates are still being prepared for versions 2016 and 2019. Customers who are unable to enable the recommended protection are advised to disconnect their servers from the internet until the patch is released.
CrowdStrike and Palo Alto say the attack is very serious and poses a threat to the security of a large number of organizations. According to Censys, more than 10,000 organizations may be at risk, mainly in the United States, the Netherlands, the United Kingdom and Canada. Among the victims are US government agencies, universities, energy companies and a telecommunications company in Asia.
Palo Alto Networks reported on X that the vulnerabilities are being actively exploited worldwide.