Key Points
- Microsoft is warning of “active attacks” on its on-premise SharePoint server software.
- The hackers are exploiting a previously unknown “zero-day” vulnerability to carry out the attacks.
- The cloud-based version, SharePoint Online, is safe from these attacks.
- Microsoft has released a patch for certain versions and is urging customers to update their systems immediately.
Microsoft has issued an urgent alert about “active attacks” targeting its SharePoint server software, which government agencies and businesses widely use to share documents. The company is urging customers to apply security updates immediately to protect themselves.
The FBI confirmed on Sunday that it is aware of the attacks and is working closely with its partners to address the threat.
In its alert, Microsoft clarified that the vulnerability only affects SharePoint servers that organizations run themselves. The cloud-based version, SharePoint Online, which is part of Microsoft 365, was not hit by the attacks.
The hack is particularly dangerous because it’s a “zero-day” attack, meaning it exploits a previously unknown flaw. Hackers are using a “spoofing” technique, which enables them to conceal their identity and impersonate a trusted person or organization. This could be used to trick people or even manipulate financial markets. According to a report from The Washington Post, tens of thousands of servers could be at risk.
Microsoft has already released a security update for its SharePoint Subscription Edition. The company is still working on patches for the 2016 and 2019 versions. For those users, Microsoft advises disconnecting the affected servers from the internet entirely until an update is available to prevent an attack.
