NEW YORK (AP) — Microsoft has issued an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.
Related Articles
Harvard is hoping court rules Trump administration’s $2.6B research cuts were illegal
Alaska Airlines resumes operations after tech outage grounds all flights
Today in History: July 21, verdict reached in Scopes ‘Monkey Trial’
Today in History: July 20, Neil Armstrong and Edwin Aldrin walk on the moon
Today in History: July 19, the Seneca Falls Convention
The company issued an alert to customers Saturday saying it was aware of the zero-day exploit — where hackers take advantage of a previously unknown vulnerability — being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
Cyber criminals often use zero-day exploits to steal sensitive data and passwords. The vulnerability also could allow hackers to access services connected to SharePoint, including OneDrive and Teams.
The company said in its blog post that it discovered at least dozens of systems were compromised around the world. Security engineers stated the attacks occurred in waves on July 18 and 19.
Although the scope of the attack is still being assessed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.
Leave a Reply