Microsoft (MSFT) confirmed Monday it is facing active cyberattacks targeting its widely used SharePoint collaboration software, prompting an urgent response from governments and businesses around the world. The U.S. Cybersecurity and Infrastructure Security Agency said the vulnerability poses a major threat, allowing attackers full access to SharePoint content and the ability to execute code remotely.
Palo Alto Networks and Eye Security researchers said the exploit could affect thousands of organizations globally and warned of potential data theft, password harvesting, and persistent backdoor installation.
Microsoft issued emergency patches Sunday for two SharePoint versions, and late Monday added a fix for SharePoint Server 2016. The attacks only affect on-premises installations, not Microsoft 365 cloud environments, the company clarified. Eye Security said attackers can impersonate users even after patching, highlighting the need for continued vigilance.
Palo Alto's Unit 42 threat intelligence chief Michael Sikorski said attackers are already “exfiltrating sensitive data” and “stealing cryptographic keys.” Given SharePoint's integration with services like Outlook and Teams, the compromise may extend beyond document management.
Microsoft declined further comment beyond its blog post. Meanwhile, Alaska Airlines briefly halted ground operations Sunday due to an IT outage, though it remains unclear if it was related to the SharePoint vulnerability.