Microsoft SharePoint servers are under attack because of a major security flaw

From The Verge: Hackers have exploited vulnerabilities in Microsoft’s SharePoint software, placing tens of thousands of on-premises servers used by global businesses and agencies at risk. Microsoft issued an alert on Saturday disclosing that it was aware of “active attacks,” and that it was working to patch the zero-day exploit.

Researchers at Eye Security first identified the vulnerability on July 18th, which allows hackers to access certain on-premises versions of SharePoint and steal keys that can let them impersonate users or services even after the server is rebooted or patched. That means servers that have already been compromised may still be a risk for businesses, but cloud versions of SharePoint aren’t vulnerable to the exploit and are unaffected.

Hackers can use the zero-day exploit to steal sensitive data, harvest passwords, and move across the breached network through services that are often connected to SharePoint, including Outlook, Teams, and OneDrive. The exploit appears to have originated from a combination of two bugs that were presented at the Pwn2Own hacking contest in May, allowing unauthenticated access to SharePoint servers.

Microsoft has released patches to “fully protect” SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.

View: Full Article