
UPDATE: A critical vulnerability in Microsoft’s SharePoint server software has been exploited by hackers, targeting governments and businesses worldwide. Microsoft has just announced an emergency patch to mitigate these “active attacks” that are compromising essential services.
This urgent situation unfolded over the weekend, with Microsoft deploying a security update for users of SharePoint Subscription Edition and SharePoint 2019. The announcement was made on X, with the tech giant urging affected users to take immediate action to secure their systems. Notably, the vulnerability does not impact organizations using Microsoft 365 cloud services.
According to reports from the Washington Post, the exploit has been linked to U.S. federal and state agencies, universities, and numerous businesses. The Cybersecurity and Infrastructure Security Agency (CISA) confirmed it is aware of the ongoing active exploitation, warning that the vulnerability enables unauthorized access to on-premises SharePoint servers.
In its statement, CISA noted that hackers can access file systems and internal configurations, as well as execute code over the network. The emergency patch only addresses the vulnerabilities in the latest versions of SharePoint, while a fix for the older SharePoint 2016 is still underway. Microsoft has not disclosed how many entities are still operating on the outdated version, raising serious concerns about security for those users.
Microsoft is advising affected organizations to “consider disconnecting your server from the internet until a security update is available.” The urgency of this situation has prompted Microsoft to coordinate closely with CISA and the Department of Defense Cyber Defense Command, highlighting the seriousness of the threat.
The attack is classified as a zero-day exploit, meaning the hackers have taken advantage of a previously unknown vulnerability. The Dutch cybersecurity firm Eye Security was the first to report this exploit, revealing that their team scanned more than 8,000 SharePoint servers globally and found dozens actively compromised as of July 19, 2023.
As the situation develops, organizations are urged to prioritize security measures and remain vigilant. The global cybersecurity community is on high alert, monitoring the impact and effectiveness of the emergency patch.
Stay tuned for further updates as more information becomes available on this urgent matter.