Microsoft is experiencing a major cyberattack impacting its SharePoint servers, which has put tens of thousands of servers at risk. The breach affects systems within organizations and does not involve SharePoint Online. Identified by Eye Security, the attack exploited a zero-day vulnerability, allowing hackers to remotely execute code, harvest digital keys, and plant malware. The breach could also extend to connected applications such as Outlook and Teams. This incident follows previous security concerns for Microsoft, including stolen source code by Russian hackers and flaws allowing access to U.S. government emails.
The hack only impacts SharePoint servers housed within an organization, and not those in the cloud through SharePoint Online in Microsoft 365.
Eye Security was the first to identify what it called "large-scale exploitation of a new SharePoint remote-code execution (RCE) vulnerability chain in the wild" on the evening of July 18.
The bug allows hackers to take private digital keys from SharePoint without any login credentials, enter an organization's servers, remotely plant malware, and gain access to the available files and data.
Because SharePoint connects with other apps like Outlook and Teams, a breach can compromise those applications as well.
Collection
[
|
...
]