A Microsoft store in New York, US, on Friday, Oct. 25, 2024.
Microsoft has warned of "active attacks" targeting its SharePoint collaboration software, with security researchers noting that organizations worldwide stand to be affected by the breach.
The Cybersecurity and Infrastructure Security Agency said Sunday in a release that the vulnerability provides unauthenticated access to systems and full access to SharePoint content, enabling bad actors to execute code over the network.
CISA said that while the scope and impact of the attack continue to be assessed, the agency warned that it "poses a risk to organizations."
Microsoft late Sunday issued fixes for customers to apply to two versions of the SharePoint software. Another 2016 version remains vulnerable and the company said it is working to develop a patch.
Researchers at Palo Alto Networks said the hack likely reached thousands of organizations globally.
"The exploits are real, in-the-wild and pose a serious threat," they added.