Microsoft (MSFT, Financial) has confirmed a significant security breach on its SharePoint platform due to a zero-day vulnerability, impacting governmental bodies, banks, healthcare, and industries worldwide. Cybersecurity experts believe a single hacker group is behind the attacks, posing ongoing intrusion and data theft risks. The vulnerability, which Microsoft reported earlier, primarily affects the on-premise SharePoint version, leaving Microsoft 365 cloud services unaffected. Although patches are available for most versions, the 2016 version remains without a fix.
The U.S. FBI and other agencies are actively investigating the issue. The Cybersecurity and Infrastructure Security Agency (CISA) warns that unauthorized access through this flaw enables remote code execution and data theft, urging urgent system patches. European security firm Eye Security highlights the threat of persistent backdoor access, even post-patch. Palo Alto Networks (PANW) confirms the attacks' severity, emphasizing systemic infiltration risks.
Shodan data reveals over 8,000 SharePoint servers potentially compromised globally, involving industries and government agencies. Sophos and Card advise organizations to assume breaches and conduct comprehensive security checks beyond patching. Alaska Airlines (ALK) experienced an unrelated IT disruption, fueling speculation due to timing.
