A vulnerability in Microsoft SharePoint Server is being actively reviewed by threat intelligence researchers, revealing exposure of U.S. government systems to risk. This flaw impacts SharePoint Enterprise Server versions 2016, 2019, and the Subscription Edition, but not Microsoft 365. Patches have been issued for 2019 and the subscription version. On-premises SharePoint environments in government, education, healthcare, and large enterprises are facing immediate threats. Organizations are urged to apply patches urgently and take robust security actions to mitigate risk and prevent potential compromises.
"Unit 42 is tracking a high-impact, ongoing threat campaign targeting on-premises Microsoft SharePoint servers. While cloud environments remain unaffected, on-prem SharePoint deployments - particularly within government, schools, healthcare including hospitals, and large enterprise companies - are at immediate risk."
"We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material and engage professional incident response. A false sense of security could result in prolonged exposure and widespread compromise."
Collection
[
|
...
]