Microsoft Rushes Patch for Active SharePoint Zero-Day Attacks on Global Entities


Microsoft has deployed an emergency security patch in response to widespread “active attacks” leveraging a critical vulnerability in its SharePoint server software. The exploits have reportedly targeted various organizations globally, including businesses and U.S. federal agencies.

The software giant issued the security update for SharePoint Subscription Edition and SharePoint 2019 users on Sunday night, aiming to mitigate the ongoing threats. Microsoft confirmed that the vulnerability specifically impacts companies hosting their own SharePoint servers, assuring that customers utilizing Microsoft 365 cloud services remain unaffected.

According to reports citing government officials and security researchers, U.S. federal and state agencies, universities, and numerous businesses have been impacted, with at least two U.S. federal agencies experiencing breaches via this flaw. The Cybersecurity and Infrastructure Security Agency (CISA) acknowledged the “active exploitation of a new…vulnerability,” warning that it enables malicious actors to “access file systems and internal configurations, and execute code over the network” on on-premises SharePoint servers.

While patches are available for the latest versions, Microsoft is still working on a fix for the older SharePoint 2016. Users of the 2016 version are advised to consider disconnecting their servers from the internet until an update is released. The vulnerability, a “zero-day” (meaning it was previously unknown to Microsoft), was first reported by Dutch cybersecurity firm Eye Security. The firm detected dozens of compromised systems worldwide after scanning over 8,000 SharePoint servers, noting that the attacks occurred in two distinct waves on July 18 and 19.

This incident marks the latest in a series of high-profile cybersecurity challenges for Microsoft, following a 2023 breach where Chinese hackers accessed email accounts of U.S. government agencies by exploiting a Microsoft Exchange vulnerability.
