Microsoft hit with SharePoint attack affecting global businesses and governments

Annie Palmer

CNBC

2 Min Read

5 hours ago

Updated

4 hours ago

Microsoft says it has ‘provided security updates and encourages customers to install them’. (Bianca De Marchi/AAP PHOTOS) Credit: AAP

Microsoft has warned of “active attacks” targeting its SharePoint collaboration software, with security researchers noting that organisations worldwide stand to be affected by the breach.

The Cybersecurity and Infrastructure Security Agency said Sunday in a release that the vulnerability provides unauthenticated access to systems and full access to SharePoint content, enabling bad actors to execute code over the network.

CISA said that while the scope and impact of the attack continue to be assessed, the agency warned that it “poses a risk to organisations.”

Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.

By continuing you agree to our Terms and Privacy Policy.

Microsoft late Sunday issued fixes for customers to apply to two versions of the SharePoint software. Another 2016 version remains vulnerable and the company said it is working to develop a patch.

Researchers at Palo Alto Networks said the hack likely reached thousands of organisations globally.

“The exploits are real, in-the-wild and pose a serious threat,” they added.

A Microsoft spokesperson declined to comment on the incident beyond what was shared in a company blog post.

In an alert Saturday, Microsoft said the attack applies only to on-premises SharePoint servers, not those in the cloud like Microsoft 365.

SharePoint software is commonly used by global businesses and organisations to store and collaborate on documents.

The vulnerability is especially concerning because it allows hackers to impersonate users or services even after the SharePoint server is patched, according to researchers at European cybersecurity firm Eye Security, which said it first identified the flaw.

SharePoint servers often connect to other Microsoft services such as Outlook and Teams, meaning such a breach can “quickly” lead to data theft and password harvesting, Eye Security researchers said.

“Once inside, they’re exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys,” Michael Sikorski, CTO and head of threat intelligence for Palo Alto’s Unit 42, said in a statement.

“The attackers have leveraged this vulnerability to get into systems and are already establishing their foothold.”

Separately, Alaska Airlines briefly halted its ground operations for about three hours on Sunday due to an IT outage. It lifted the ground stop at roughly 2 a.m. EST, the carrier said in a statement.

It was unclear whether the outage was related to the SharePoint attack.