A major zero-day security vulnerability in Microsoft’s widely used SharePoint server software has been exploited by hackers, causing chaos within businesses and government agencies, multiple outlets have reported. Microsoft announced that it had released a new security patch “to mitigate active attacks targeting on-premises [and not online] servers,” but the breach has already effected universities, energy companies, federal and state agencies and telecommunications firms.
The SharePoint flaw is a serious one, allowing hackers to access file systems and internal configurations or even execute code, to completely take over systems. The flaw could put more than 10,000 companies at risk, Cybersecurity company Censys told The Washington Post. “It’s a dream for ransomeware operators, and a lot of attackers are going to be working this weekend as well.” Google’s Threat Intelligence Group added that the flaw allows “persistent, unauthenticated access that can bypass future patching.”
The US Cybersecurity and Infrastucture Security agency (CISA) said that any servers affected by the exploit should be disconnected from the internet until a full patch arrives. It added that the impact of the attacks is still being probed.
The vulnerability was first spotted by Eye Security, which said the flaw allows hackers to access SharePoint servers and steal keys in order to impersonate users or services. “Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network,” Eye Security wrote in a blog post.
The FBI is aware of the attack and is working closely with government and private sector partners. It’s not immediately clear which groups are behind the zero-day hacks. In any case, the attack is liable to put Microsoft under the microscope again. A 2023 breach of Exchange Online mailboxes led the White House’s Cyber Safety Review Board to declare that Microsoft’s security culture was “inadequate.”
If you buy something through a link in this article, we may earn commission.