Microsoft (MSFT, Financial) is currently grappling with a significant security issue as its server software faces attacks from unidentified hackers. Cybersecurity analysts warn of a potential large-scale security breach worldwide. Microsoft has released a new security patch for SharePoint servers to mitigate these active attacks on local servers and is working on deploying additional fixes.
The U.S. Cybersecurity and Infrastructure Security Agency confirmed the vulnerability, highlighting that hackers could exploit it to access file systems, internal configurations, and execute code across networks. Research from Michigan-based cybersecurity firm Censys estimates that over 10,000 companies globally using SharePoint servers are at risk, with the highest number of affected companies in the U.S., followed by the Netherlands, the UK, and Canada.
Palo Alto Networks has warned that these vulnerabilities pose a serious threat. Google's Threat Analysis Group has observed hackers exploiting the vulnerability, leading to unauthorized access and significant risks to affected organizations. Reports indicate that U.S. federal and state agencies, universities, energy companies, and an Asian telecom operator have already been breached.
This incident is part of a series of recent cyberattacks on Microsoft. Earlier, the company warned of Asian hackers targeting remote management tools and cloud applications to monitor various organizations. The White House's cybersecurity review board previously criticized Microsoft's security culture after a breach in its Exchange Online service.
