On Friday, October 25th, 2024, we went to the Microsoft Store in New York, USA.
Gina Moon | Bloomberg | Getty Images
Microsoft It warns of “active attacks” targeting SharePoint collaboration software, and security researchers say organizations around the world are affected by violations.
The Department of Cybersecurity and Infrastructure Security said in a release on Sunday that the vulnerability will provide unrecognized access to the system and full access to SharePoint content, allowing bad actors to run code on the network.
The CISA warned that the scope and impact of the attack remains assessed, but the agency would “pose a risk to the organization.”
Microsoft issued an amendment late on Sunday for customers to apply to two versions of SharePoint software.
On Monday evening, Microsoft released a patch for SharePoint Server 2016, an older option for on-premises data centers.
Researcher at Palo Alto Network Huck said it is likely that he has reached thousands of organizations around the world.
“The exploits are genuine, internal and pose serious threats,” they added.
A Microsoft spokesman declined to comment on the incident beyond what is shared in the company’s blog post.
Microsoft said on Saturday of alerts that the attacks will only apply to on-premises SharePoint servers, not on-premises in the cloud like Microsoft 365. SharePoint software is commonly used to store and collaborate documents in global businesses and organizations.
According to eye security researchers in European cybersecurity companies, hackers are particularly vulnerable as they are spoofing users or services even after a SharePoint server is patched.
SharePoint servers often connect to other Microsoft services such as Outlook and Teams. This means that such violations can lead to data theft and password harvesting “quickly”.
“When they enter, they remove sensitive data, develop a permanent background, steal encryption keys,” said Michael Sikorsky, CTO and head of threat intelligence at Unit 42 at Palo Alto. “Attackers have exploited this vulnerability to enter the system and have already established a foothold.”
In particular, Alaska Airlines Due to IT halt, ground operations were briefly suspended for about three hours on Sunday. In a statement, the airline said in a statement.
It was unclear whether the outage was related to a SharePoint attack.
