Microsoft urges immediate patching after zero-day attacks target on-prem SharePoint servers used by governments and firms. Cloud-based SharePoint remains safe.
Microsoft has issued a warning regarding “active attacks” on server applications used by government bodies and companies to share internal documents. The tech giant advised users to immediately apply the suggested security patches.
The FBI confirmed on Sunday that it was aware of the attacks and collaborating with federal and private-sector partners, though it did not disclose further information.
Microsoft, in an alert issued on Saturday, clarified that the vulnerabilities are limited to on-premises SharePoint servers used internally by organisations. The company confirmed that SharePoint Online, the cloud-based version included in Microsoft 365, was not affected by the attacks.
According to The Washington Post, which first reported the hacks, unknown attackers recently took advantage of a software flaw to carry out an assault aimed at both US and global agencies and companies.
‘Zero-day attack’
Experts cited by the newspaper described the incident as a “zero-day” attack, referring to its exploitation of a vulnerability that had not been previously identified. The attack potentially put tens of thousands of servers in jeopardy.
Microsoft did not provide an immediate response when asked for comment.
In the alert, the company explained that the vulnerability “allows an authorized attacker to perform spoofing over a network.” Microsoft also shared guidance to help prevent further exploitation of the flaw.
In a spoofing attack, a malicious actor can conceal their identity and impersonate a trusted individual, organisation, or website to deceive financial markets or government agencies.
On Sunday, Microsoft announced that it had released a security patch for the SharePoint Subscription Edition and urged customers to install it without delay.
The company also noted that it is currently developing security updates for the 2016 and 2019 versions of SharePoint. Until those patches are available, Microsoft advised customers who are unable to activate the recommended malware protection to take their servers offline to minimise exposure to threats.