Microsoft has issued an urgent security patch to counter active cyberattacks targeting its SharePoint server software, with cybersecurity analysts warning that thousands of organisations globally are vulnerable to the breach.
The software giant said the patch aims “to mitigate active attacks targeting on-premises servers,” adding that more updates are underway. The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed awareness of the flaw, which allows attackers to gain access to file systems, execute remote code, and alter internal configurations.
Security researchers estimate the scope of the threat is significant. Silas Cutler, a researcher at Michigan-based Censys, said more than 10,000 organisations with on-premises SharePoint servers could be at risk. “It’s a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well,” Cutler said.
The United States has the largest number of vulnerable systems, followed by the Netherlands, the United Kingdom, and Canada, he added.
Cybersecurity firm Palo Alto Networks described the threat as “real, in-the-wild, and pose a serious threat.” Google’s Threat Intelligence Group said it had observed active exploitation of the vulnerability, which allows “persistent, unauthenticated access and presents a significant risk to affected organisations.”
According to The Washington Post, the breach has already impacted US federal and state agencies, universities, energy companies, and an Asian telecommunications provider.
This marks the latest in a string of cyber incidents involving Microsoft. In March, the company said Chinese hackers were targeting remote management tools and cloud applications to spy on US and international organisations.
In a 2023 review of a separate breach involving Exchange Online, the US Cyber Safety Review Board found that Microsoft’s “security culture was inadequate.” That hack affected 22 organisations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo.
