- Microsoft has alerted businesses and governments to “active attacks” on its popular SharePoint collaboration software.
- Patches have been issued for two versions of SharePoint software, while one version remains vulnerable.
- The Cybersecurity and Infrastructure Security Agency said the vulnerability provides access to file systems and the ability to execute code.
Microsoft
has warned of “active attacks” targeting its
SharePoint
collaboration software, with security researchers noting that organizations worldwide stand to be affected by the breach.
Stream San Diego News for free, 24/7, wherever you are with NBC 7.
The Cybersecurity and Infrastructure Security Agency
said
Sunday in a release that the vulnerability provides unauthenticated access to systems and full access to SharePoint content, enabling bad actors to execute code over the network.
CISA said that while the scope and impact of the attack continue to be assessed, the agency warned that it “poses a risk to organizations.”
Get top local San Diego stories delivered to you every morning with our News Headlines newsletter.
Microsoft late Sunday issued fixes for customers to apply to two versions of the SharePoint software. Another 2016 version remains vulnerable and the company
said
it is working to develop a patch.
Researchers at
Palo Alto Networks
said the hack likely reached thousands of organizations globally.
“The exploits are real, in-the-wild and pose a serious threat,” they added.
Money Report
From California to Gulf Coast, Trump’s trade war take biggest toll on nation’s smaller, secondary ports
39-year-old dermatologist bought a $2 million home outside of Miami—why she’s never lived there
-
Peter Thiel just bought a big stake in Tom Lee’s ether company and the shares are surging
-
Nvidia CEO Jensen Huang wants to sell more advanced chips to China after H20 ban is lifted
-
Crypto bounces on renewed optimism House could pass key stablecoin legislation this week
-
Whoop says FDA is ‘overstepping its authority’ with warning about blood pressure feature
A Microsoft spokesperson declined to comment on the incident beyond what was shared in a company blog post.
In
an alert
Saturday, Microsoft said the attack applies only to on-premises SharePoint servers, not those in the cloud like Microsoft 365. SharePoint software is commonly used by global businesses and organizations to store and collaborate on documents.
The vulnerability is especially concerning because it allows hackers to impersonate users or services even after the SharePoint server is patched,
according
to researchers at European cybersecurity firm Eye Security, which said it first identified the flaw.
SharePoint servers often connect to other Microsoft services such as Outlook and Teams, meaning such a breach can “quickly” lead to data theft and password harvesting, Eye Security researchers said.
“Once inside, they’re exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys,” Michael Sikorski, CTO and head of threat intelligence for Palo Alto’s Unit 42, said in a statement. “The attackers have leveraged this vulnerability to get into systems and are already establishing their foothold.”
Separately,
Alaska Airlines
briefly halted its ground operations for about three hours on Sunday due to an IT outage. It lifted the
ground stop
at roughly 2 a.m. EST, the carrier said in a statement.
It was unclear whether the outage was related to the SharePoint attack.
-
Analysts raise Nvidia price targets after Trump’s China chip decision. One sees $5 trillion market cap ahead
-
Dividend payouts could hit a record this year. These stocks are Wall Street’s favorites
-
Breakup rumors at Kraft Heinz prompt speculation Berkshire Hathaway may be selling its stake
-
Coming to a 401(k) near you: Private market assets
Also on CNBC
-
CoreWeave stock climbs after company announces $1.5 billion bond sale
-
This crypto treasury firm wants to the MicroStrategy of ether and generate yield
-
Musk’s X refuses to hand over data in ‘politically motivated’ French probe
