Microsoft issues alert for possible cyberattack targeting server software used by governments, businesses
The FBI confirmed on Sunday that it is aware of the attacks and is collaborating with both federal and private-sector partners, though it did not disclose further information.
In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
Microsoft did not immediately respond to a request for comment.
In the alert, Microsoft said that a vulnerability "allows an authorized attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website.
Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately.
It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.
Related Articles


Time of India
Explained: 10000-plus companies at risk and …, what makes the Microsoft SharePoint attack very dangerous right now
Microsoft is scrambling to contain a widespread cyberattack targeting SharePoint servers worldwide, with cybersecurity experts warning that over 10,000 companies could be at risk. The software giant confirmed that hackers are actively exploiting previously unknown security flaws in on-premises SharePoint servers used by government agencies, universities, and major corporations to share internal documents.
The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerability catalog on Saturday, giving federal agencies just one day to apply patches once they become available. "These exploits are real, in-the-wild, and pose a serious threat," warned Palo Alto Networks, while Google's Threat Intelligence Group confirmed observing active exploitation attempts.
Dutch cybersecurity firm Eye Security first detected the attacks on July 18th and reports that at least 85 SharePoint servers across 54 organizations have already been compromised. Among the victims are a California university, energy companies, federal health organizations, and government entities in Florida and New York.
Microsoft Sharepoint's zero-day exploits leave tens and thousands of organisations vulnerable
The attack leverages what's known as a "zero-day" vulnerability – a security flaw unknown to software makers until it's actively exploited by hackers. Cybersecurity researchers estimate that over 10,000 companies with SharePoint servers are potentially at risk, with the United States, Netherlands, United Kingdom, and Canada having the highest concentrations of vulnerable systems.
"It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well," said Silas Cutler, a researcher at Michigan-based Censys.
The vulnerability allows hackers to access file systems, steal sensitive configurations, and execute malicious code across networks without authentication. The attackers are using a technique called "ToolShell" that was originally demonstrated at the Pwn2Own security conference. They upload malicious files to steal critical server keys, then use these stolen credentials to create valid access tokens that bypass security measures entirely.
Government agencies among primary targets in Microsoft Sharepoint attack
Federal and state agencies appear to be prime targets in this campaign, with the FBI confirming it's "aware of the matter" and working with government and private sector partners to assess the threat. The Washington Post reported that the breach has affected multiple U.S. agencies, though specific details remain classified for security reasons.
CISA's Acting Executive Assistant Director for Cybersecurity Chris Butera emphasized the urgency: "Microsoft is responding quickly, and we are working with the company to help notify potentially impacted entities about recommended mitigations. CISA encourages all organizations with on-premise Microsoft SharePoint servers to take immediate recommended action."
Organizations can detect if they've been compromised by checking for suspicious files named " on their servers or unusual network activity from specific IP addresses that security firms have identified as attack sources.
Microsoft releases emergency updates
Microsoft has released emergency security updates for SharePoint 2019 and Subscription Edition servers, with a patch for SharePoint 2016 expected soon. The company recommends that organizations unable to immediately apply updates should disconnect their SharePoint servers from the internet until patches can be installed.
For additional protection, Microsoft advises enabling its Antimalware Scan Interface (AMSI) feature and deploying Windows Defender Antivirus on all SharePoint servers. Organizations should also rotate their server security keys after applying patches to prevent further unauthorized access.
This incident adds to Microsoft's recent cybersecurity challenges, including Chinese hacker attacks earlier this year and criticism from the White House's Cyber Safety Review Board, which called the company's security culture "inadequate" following previous breaches.


Time of India
What to know about a vulnerability being exploited on Microsoft SharePoint servers
Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal company issued an alert to customers Saturday saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 is a zero-day exploit? A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers." Security researchers warn that the exploit, reportedly known as "ToolShell," is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching." How widespread is the impact? Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.


Mint
Windows 11 update lets users submit real-time logs for sluggish performance: Report
Microsoft is stepping up efforts to address ongoing performance concerns in Windows 11 by introducing a new system to collect diagnostic data from users experiencing slow or unresponsive behaviour, reported The Verge. Reportedly, the company rolled out a fresh Windows 11 Insider test build last week, featuring an automatic logging mechanism designed to gather feedback more effectively. This update allows Windows Insiders to submit real-time performance logs directly through the Feedback Hub when they encounter lag or sluggishness on their PCs. "Windows Insiders are encouraged to provide feedback when experiencing PC issues related to slow or sluggish performance, allowing Feedback Hub to automatically collect these logs, which will help us root cause issues faster," Microsoft said in a statement. The initiative is part of Microsoft's broader pledge to enhance the responsiveness and reliability of its operating system. It comes as users continue to report inconsistent performance across different hardware configurations, particularly since the OS launched in October 2021. Complaints have ranged from underwhelming gaming experiences on modern CPUs to a general perception that Windows 11 feels slower than its predecessor, Windows 10. While Microsoft has already introduced several under-the-hood improvements, such as optimisations to the Taskbar, notification area, and quick settings in 2023, this latest move signals a more proactive approach. Updates in the 24H2 release were also credited with boosting performance on older devices, and the forthcoming 25H2 update appears set to continue this trend. In addition to user-side improvements, Microsoft is tightening its standards for driver development. As part of the 25H2 update, developers will now be required to perform static analysis on drivers before certification, a measure aimed at detecting flaws in driver code early in the deployment process.
By making performance monitoring more intuitive and addressing core system interactions, Microsoft hopes to quell criticism and ensure Windows 11 delivers a more seamless experience across the board.