Hackers took advantage of a security flaw in a popular Microsoft server software, with analysts warning of widespread cybersecurity breaches in the US and beyond. The zero-day exploit (meaning, the developer has only learned of the flaw, earlier unknown, and has zero days to fix it) has placed thousands of on-premises servers used by global businesses and agencies at risk. (On-premise server is a physical, on-site server that a company or agency needs to manage and maintain.)
Microsoft has issued an alert, disclosing that it is aware of “active attacks” and is working to patch the exploit. “These vulnerabilities apply to on-premises SharePoint Servers only. SharePoint Online in Microsoft 365 is not impacted,” said the company. SharePoint servers provide a platform for sharing and managing documents.
First reported by The Washington Post, the attack has been on government agencies and businesses in the past few days, breaching US federal and state agencies. It has also affected some energy companies and universities. It is unclear if companies and agencies in India have been affected.
“Anybody who’s got a hosted SharePoint server has got a problem,” said Adam Meyers, senior vice-president with CrowdStrike, a cybersecurity firm. “It’s a significant vulnerability.’’ The vulnerability allowed hackers to access file systems and internal configurations, as well as execute code, the US Cybersecurity and Infrastructure Security Agency (CISA) said.
Hackers can potentially use the zero-day exploit to steal sensitive data and cut across the breached network through services that are often connected to SharePoint, including Outlook, Teams, and OneDrive.
Microsoft has released a security update for “SharePoint Subscription Edition to mitigate active attacks targeting on-premises servers” and has asked customers to apply the update immediately.
Michael Sikorski, CTO and head of threat intelligence for Unit 42 at Palo Alto Networks, a global cybersecurity company, said: “An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the Internet until a patch is available. A false sense of security could result in prolonged exposure and widespread compromise.”
A Microsoft spokesperson said: “We’ve been coordinating closely with CISA, DOD Cyber Defence Command and key cybersecurity partners globally throughout our response.” The FBI is aware of the attacks and is “working closely with our federal government and private sector partners”.