Topline
A vulnerability in Microsoftâs SharePoint server software was exploited by hackers to carry out âactive attacksâ globally on various entities, including businesses and U.S. federal agencies, prompting the software giant to issue an emergency patch.
Microsoft deployed an emergency security patch for some users on Sunday night.
Key Facts
In a statement on X, Microsoft said it has released a security update for SharePoint Subscription Edition and SharePoint 2019 users to âmitigate active attacksâ targeting servers running the software.
The company noted that the vulnerability only impacts companies using Microsoftâs software to host their own servers, and customers relying on Microsoftâs 365 cloud services have not been affected.
Citing government officials and security researchers, the Washington Post reported that the vulnerability affected U.S. federal and state agencies, universities and various businesses.
In a statement on Sunday night, the Cybersecurity and Infrastructure Security Agency (CISA) said it was âaware of active exploitation of a newâĤvulnerability enabling unauthorized access to on-premise SharePoint servers.â
The federal agency said the vulnerability allowed malicious actors to âaccess file systems and internal configurations, and execute code over the network.â
What To Watch For
The security patch released by Microsoft only fixed the vulnerability on the latest âSharePoint Subscription Edition and SharePoint 2019.â The company said it is still actively working on a fix for the older SharePoint 2016 version. It is unclear how many government entities and businesses are still using the 2016 version. In its advisory, the company advises affected users to âconsider disconnecting your server from the internet until a security update is available.â
What Has Microsoft Said?
A Microsoft spokesperson told Reuters that the company has been âcoordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response.â
What Do We Know About The Sharepoint Vulnerability?
The hack targeting SharePoint users is referred to as a âzero-dayâ attack, as the hackers exploited a previously unknown vulnerability. Dutch cybersecurity firm Eye Security was the first to report on the zero-day exploit over the weekend. The company said its team scanned more than 8,000 SharePoint servers worldwide on Friday and âdiscovered dozens of systems actively compromised.â The company stated that these attacks occurred in two waves on July 18 and 19.