Hackers Exploit Microsoft Software Vulnerability To Reportedly Target Governments And Businesses

A vulnerability in Microsoft’s SharePoint server software was exploited by hackers to carry out “active attacks” globally on various entities, including businesses and U.S. federal agencies, prompting the software giant to issue an emergency patch.

The security patch released by Microsoft only fixed the vulnerability on the latest “SharePoint Subscription Edition and SharePoint 2019.” The company said it is still actively working on a fix for the older SharePoint 2016 version. It is unclear how many government entities and businesses are still using the 2016 version. In its advisory, the company advises affected users to consider disconnecting your server from the internet until a security update is available.

The hack targeting SharePoint users is referred to as a “zero-day” attack, as the hackers exploited a previously unknown vulnerability. Dutch cybersecurity firm Eye Security was the first to report on the zero-day exploit over the weekend. In a blog post, the company said its team scanned more than 8,000 SharePoint servers worldwide on Friday and “discovered dozens of systems actively compromised.” The blog stated these attacks occurred in two waves on July 18 and 19.

The SharePoint hack is the latest high-profile cybersecurity incident involving Microsoft in recent years. In 2023, the company disclosed that Chinese hackers were able to gain access to the email accounts of around 25 organizations, including U.S. government agencies, by exploiting a vulnerability in Microsoft Exchange email server platform. The email accounts of former Commerce Secretary Gina Raimondo and many Biden-era State Department officials were impacted by the breach. Last year, the White House instituted Cyber Safety Review Board published a report on the breach that was scathing in its criticism of Microsoft. The review board said its probe “identified a series of Microsoft operational and strategic decisions that collectively point to a corporate culture that deprioritized both enterprise security investments and rigorous risk management.” The board’s report added that Microsoft made a cascade of…avoidable errors that allowed this intrusion to succeed.

This most recent attack compromises only those servers housed within an organization — not those in the cloud, such as Microsoft 365, officials said. After first suggesting that users make modifications to or simply unplug SharePoint server programs from the internet, the company on Sunday evening released a patch for one version of the software. Two other versions remain vulnerable and Microsoft said it is continuing to work to develop a patch. The company declined to comment further.