Microsoft (MSFT, Financial) has issued a warning about active cyberattacks targeting users of its document management software, SharePoint. Security experts have highlighted the potential for these attacks to cause widespread data breaches globally. The U.S. Cybersecurity and Infrastructure Security Agency noted that vulnerabilities in the software could allow hackers to access file systems and execute code.
Over the weekend, Microsoft released a new patch for customers to apply to their SharePoint servers to mitigate these attacks, specifically targeting on-premises servers. However, the company is still working on additional patches to address ongoing security issues. Cybersecurity firms have cautioned that a wide range of organizations could be affected, as tens of thousands, or even hundreds of thousands, of businesses and institutions use SharePoint for document storage and collaboration.
Microsoft has indicated that hackers are particularly focusing on customers running SharePoint servers on their local networks, rather than those using Microsoft's hosted and managed versions. Consequently, the impact may be limited to a subset of the customer base.
According to Silas Cutler, a researcher at Michigan-based cybersecurity company Censys, over 10,000 companies using SharePoint servers are at risk, with the highest concentration in the United States, followed by the Netherlands, the United Kingdom, and Canada.
