Hackers have exploited vulnerabilities in Microsoft's SharePoint, compromising tens of thousands of on-premises servers utilized by businesses and agencies globally. An alert issued by Microsoft indicated awareness of 'active attacks' and ongoing patching efforts for the zero-day exploit. Initiated on July 18th by Eye Security researchers, the vulnerability allows unauthorized access and user impersonation, maintaining risks post-reboot or patch. Only cloud versions remain unaffected. CISA advises disconnecting impacted servers from the internet as the attacks target diverse organizations including US federal agencies and universities. Patches for SharePoint 2019 and Subscription Edition are released, with ongoing efforts for SharePoint 2016.
Hackers have exploited vulnerabilities in Microsoft's SharePoint software, placing tens of thousands of on-premises servers used by global businesses and agencies at risk. Microsoft issued an alert on Saturday disclosing that it was aware of 'active attacks,' and that it was working to patch the zero-day exploit.
Researchers at Eye Security first identified the vulnerability on July 18th, which allows hackers to access certain on-premises versions of SharePoint and steal keys that can let them impersonate users or services even after the server is rebooted or patched.
Microsoft has released patches to 'fully protect' SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.
The US Cybersecurity and Infrastructure Security Agency (CISA) says that the scope and impact of the attacks are still being assessed, and that any servers that have been impacted by the exploit should be disconnected from the internet until an official resolution is available.
Collection
[
|
...
]