Microsoft warns of ‘active attacks’ on SharePoint collaboration software; businesses hit

“Active attacks” have targeted Microsoft’s SharePoint collaboration software, the company warned governments and businesses worldwide on late on Monday, July 21. SharePoint is generally used by global businesses and organisations to store and collaborate on documents.

According to the Cybersecurity and Infrastructure Security Agency, the vulnerability provides unauthenticated access to systems and full access to SharePoint content, which enables bad actors to execute code over the network.

The CISA has warned that this posses a risk to organisations, while the impact of the attack continues to be assessed.

Microsoft issued fixes for customers to apply to two versions of the SharePoint software and said that it is working towards developing a patch to fix the 2016 version.

Researchers at Palo Alto Networks believe that the hack is likely to have reached thousands of organisations globally. “The exploits are real, in-the-wild and pose a serious threat,” they added.

Microsoft added that this attack applies only to on-premise SharePoint servers and not those in the cloud, like Microsoft 365.

European Cybersecurity firm Eye Security, who claims to have first identified the flaw, said that the vulnerability is concerning, especially because it allows hackers to impersonate the user or services, even after the SharePoint server is patched.

“SharePoint servers often connect to other Microsoft services such as Outlook and Teams, meaning such a breach can “quickly” lead to data theft and password harvesting, Eye Security researchers said,” Eye Security Researchers said.

Vaisha Bernard, the Eye Security’s chief hacker and co-owner said that after scanning about 8,000 SharePoint servers, he has so far identified at least 50 that were successfully compromised.