Microsoft SharePoint attack: Officials issue warning about 'active exploitation'

USA Today, 21-07-2025
Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access certain SharePoint systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted an alert on its website Sunday, July 20, saying it was aware of "active exploitation" of a security vulnerability that was allowing unauthorized access to on-site SharePoint servers.
The "scope and impact" of the issue was still being assessed, CISA said in the notice posted July 20, but officials said the vulnerability "poses a risk" to organizations that house their own SharePoint servers.
Microsoft, in an alert posted Saturday, July 19, said the vulnerability enables an "authorized attacker to perform spoofing over a network," a type of cyberattack in which an attacker attempts to trick a user or system into believing they are a trusted or known source.
"The FBI is aware of the matter, and we are working closely with our federal government and private sector partners," a Microsoft spokesperson told USA TODAY Monday.
SharePoint is used by government agencies and businesses in the U.S. and around the world, as reported by Reuters and the Washington Post, which first reported the attacks.
It was not immediately known who was behind the attack, but a cybersecurity researcher told Reuters on Monday, July 21, it is likely the work of a single actor.
"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm, told the outlet. "However, it's possible that this will quickly change."
Microsoft SharePoint vulnerability
In its alert about the ongoing attacks on SharePoint servers, Microsoft urged customers to install new security updates.
The company said SharePoint Online in Microsoft 365, which is hosted in the cloud, was not hit by the exploit. Experts have dubbed the attack a "zero day" because, officials said, it was a shock to cybersecurity researchers.
Microsoft's stock price was mostly flat on Monday morning, July 21.
'Customers should apply these updates'
Microsoft reported it issued recommendations to stop attackers from exploiting the vulnerability.
"Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771," the post reads. "Customers should apply these updates immediately to ensure they're protected."
USA TODAY has reached out to Microsoft for more information.
Contributing: Reuters
Natalie Neysa Alund is a senior reporter for USA TODAY. Reach her at nalund@usatoday.com and follow her on X @nataliealund.