Cyberattack Hits Microsoft SharePoint, Patch Still Needed for One Version

Microsoft has issued a warning about "active attacks" on its SharePoint collaboration software, with security analysts predicting a global impact.
According to a release issued Sunday by the Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability gives bad actors unauthenticated access to systems and complete access to SharePoint content, allowing them to execute code across the network.
CISA stated that the scope and impact of the attack are still being examined, but that it "poses a risk to organizations."
Late Sunday, Microsoft published patches for two versions of the SharePoint software. Another version, from 2016, remains susceptible, and the company has stated that it is working on a patch.
Palo Alto Networks researchers estimate that the intrusion affected thousands of organizations globally.
"The exploits are real, in-the-wild and pose a serious threat," the spokespersons said.
Microsoft issued an advisory on Saturday stating that the attack affects only on-premises SharePoint servers, not those in the cloud, such as Microsoft 365. Global enterprises and organizations routinely use SharePoint software for document storage and collaboration.
The vulnerability is particularly alarming because it allows hackers to impersonate users or services long after the SharePoint server has been patched, according to experts from European cybersecurity firm Eye Security, which initially discovered the flaw.
SharePoint servers frequently connect to other Microsoft services such as Outlook and Teams, so a breach can "quickly" result in data theft and password harvesting, according to Eye Security analysts.