What To Know About Microsoft SharePoint Hack—Government Agencies And Businesses Targeted

Topline

A vulnerability in Microsoft’s SharePoint server software was exploited by hackers to carry out “active attacks” globally on various entities, including businesses and U.S. federal agencies, prompting the software giant to issue an emergency patch.

Key Facts

In a statement on X, Microsoft said it has released a security update for SharePoint Subscription Edition and SharePoint 2019 users to “mitigate active attacks” targeting servers running the software.

The company noted that the vulnerability only impacts companies using Microsoft’s software to host their own servers, and customers relying on Microsoft’s 365 cloud services have not been affected.

Citing government officials and security researchers, the Washington Post reported that the vulnerability affected U.S. federal and state agencies, universities and various businesses.

The Post’s report added that the servers of at least two U.S. federal agencies were breached using this vulnerability.

In a statement on Sunday night, the Cybersecurity and Infrastructure Security Agency (CISA) said it was “aware of active exploitation of a new…vulnerability enabling unauthorized access to on-premise SharePoint servers.”

The federal agency said the vulnerability allowed malicious actors to “access file systems and internal configurations, and execute code over the network.”

What To Watch For

The security patch released by Microsoft only fixed the vulnerability on the latest “SharePoint Subscription Edition and SharePoint 2019.” The company said it is still actively working on a fix for the older SharePoint 2016 version. It is unclear how many government entities and businesses are still using the 2016 version. In its advisory, the company advises affected users to “consider disconnecting your server from the internet until a security update is available.”

What Has Microsoft Said?

A Microsoft spokesperson told Reuters that the company has been “coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response.”

What Do We Know About The SharePoint Vulnerability?

The hack targeting SharePoint users is referred to as a “zero-day” attack, as the hackers exploited a previously unknown vulnerability. Dutch cybersecurity firm Eye Security was the first to report on the zero-day exploit over the weekend. In a blog post, the company said its team scanned more than 8,000 SharePoint servers worldwide on Friday and “discovered dozens of systems actively compromised.” The blog stated these attacks occurred in two waves on July 18 and 19.

Key Background

The SharePoint hack is the latest high-profile cybersecurity incident involving Microsoft in recent years. In 2023, the company disclosed that Chinese hackers were able to gain access to the email accounts of around 25 organizations, including U.S. government agencies, by exploiting a vulnerability in the Microsoft Exchange email server platform. The email accounts of former Commerce Secretary Gina Raimondo and many Biden-era State Department officials were impacted by the breach. Last year, the White House-instituted Cyber Safety Review Board published a report on the breach that was scathing in its criticism of Microsoft. The review board said its probe “identified a series of Microsoft operational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.” The board’s report added that Microsoft made a “cascade of…avoidable errors that allowed this intrusion to succeed.”

Further Reading

Global hack on Microsoft product hits U.S., state agencies, researchers say (Washington Post)

Chinese Hackers Gained Access To Some U.S. Government Emails, Microsoft Says (Forbes)

Chinese Email Hack: Commerce Secretary Gina Raimondo And State Department Officials Among Affected (Forbes)

