Microsoft hit with SharePoint attack — one version still vulnerable
A Microsoft store in New York, US, on Friday, Oct. 25, 2024.
Jeenah Moon | Bloomberg | Getty Images
Microsoft has cautioned about “active attacks” targeting its SharePoint collaboration software, with security experts pointing out that businesses worldwide could be impacted by the breach.
The Cybersecurity and Infrastructure Security Agency announced on Sunday in a statement that the vulnerability allows unauthorized access to systems and complete access to SharePoint content, giving malicious actors the ability to run code over the network.
CISA mentioned that while the extent and consequences of the attack are still being evaluated, the agency cautioned that it “poses a threat to organizations.”
Microsoft released patches on Sunday for customers to apply to two versions of the SharePoint software. A 2016 version remains exposed, and the company stated that it is working on a fix.
Experts at Palo Alto Networks indicated that the breach likely impacted numerous organizations globally.
“The exploits are real, in-the-wild, and pose a significant threat,” they added.
CNBC has contacted Microsoft for further comments and details.
In an advisory on Saturday, Microsoft clarified that the attack only affects on-premises SharePoint servers, not those in the cloud like Microsoft 365. SharePoint software is widely used by global enterprises and organizations for document storage and collaboration.
The vulnerability is particularly worrisome as it allows hackers to masquerade as users or services even after the SharePoint server is patched, according to researchers at European cybersecurity firm Eye Security, who were the first to identify the flaw.
SharePoint servers often integrate with other Microsoft services such as Outlook and Teams, which means a breach can lead to data theft and password harvesting “quickly,” as noted by Eye Security researchers.
Additionally, Alaska Airlines briefly suspended its ground operations for around three hours on Sunday due to an IT outage. The carrier announced that it lifted the ground stop at approximately 2 a.m. EST.
It was not clear whether the outage was linked to the SharePoint attack.
