Hackers exploited a major security flaw in widely used Microsoft server software to launch a global attack on government agencies and businesses in the past few days, breaching U.S. federal and state agencies, universities, energy companies and an Asian telecommunications company, according to state officials and private researchers. The U.S. government and partners in Canada and Australia are investigating the compromise of SharePoint servers, which provide a platform for sharing and managing documents. Tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw, leaving victims around the world scrambling to respond.
Advertisement Advertisement
Advertisement Advertisement
The “zero-day” attack, so called because it targeted a previously unknown vulnerability, is only the latest cybersecurity embarrassment for Microsoft. Last year, the company was faulted by a panel of U.S. government and industry experts for lapses that enabled a 2023 targeted Chinese hack of U.S. government emails, including those of then-Commerce Secretary Gina Raimondo.
Advertisement
This most recent attack compromises only those servers housed within an organization — not those in the cloud, such as Microsoft 365, officials said. After first suggesting that users make modifications to or simply unplug SharePoint server programs from the internet, the company on Sunday evening released a patch for one version of the software. Two other versions remain vulnerable and Microsoft said it is continuing to work to develop a patch. The company declined to comment further.
“Anybody who’s got a hosted SharePoint server has got a problem,” said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. “It’s a significant vulnerability.’’
The FBI said in a statement that it was aware of the matter. “We are working closely with our federal government and private sector partners,” it said.
Advertisement
“We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available,” said Pete Renals, a senior manager with Palo Alto Networks’ Unit 42. “We have identified dozens of compromised organizations spanning both commercial and government sectors.’’
... continue reading