If Your Business Uses These Versions of Microsoft SharePoint, Patch Them Now
How did your country report this? Share your view in the comments.
Diverging Reports Breakdown
If Your Business Uses These Versions of Microsoft SharePoint, Patch Them Now
A large-scale attack on Microsoft’s server software, SharePoint, has affected systems across the world. The hacker or hackers exploited a previously unknown vulnerability, earning it the label “zero-day,” because the exploit had no existing fix. More than 8,000 servers online could have been compromised by the attack, including those serving banks, healthcare companies, and U.S. state and federal government agencies. Microsoft announced on July 20 that it has already issued patches for its Subscription Edition and SharePoint 2019 versions, but is working on a patch for SharePoint 2016.
A large-scale attack on Microsoft’s server software, SharePoint, has affected systems across the world. The following SharePoint versions are at issue: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, and Microsoft SharePoint Server 2016.
Microsoft announced on X on July 20 that it has already issued patches for its Subscription Edition and SharePoint 2019 versions, but is working on a patch for SharePoint 2016. “These vulnerabilities apply to on-premises SharePoint Servers only. Customers should apply these updates immediately to ensure they’re protected. We are actively working on updates for SharePoint 2016,” the post reads. Businesses using the cloud-based SharePoint Online service were not affected, according to Microsoft.
SharePoint is a service that allows businesses to store, share, organize and collaborate on information and documents. Thousands of businesses and government agencies use the service. Although it isn’t clear who is behind the hack, some experts believe it was the work of a single actor, Reuters reported. A researcher who helped discover the hack told Reuters that about 100 different organizations have so far been compromised. The hacker or hackers exploited a previously unknown vulnerability, earning it the label “zero-day,” because the exploit had no existing fix. Reuters reported that more than 8,000 servers online could have been compromised by the attack, including those serving banks, healthcare companies, and U.S. state and federal government agencies. The Cybersecurity and Infrastructure Security Agency (CISA) noted the attack offers malicious actors unauthenticated access to systems as well as to any content stored in SharePoint.
Businesses that use on-premise SharePoint Servers should check Microsoft’s blog post and immediately apply relevant patches. Microsoft also recommends that its customers turn on and configure its Antimalware Scan Interface (AMSI), deploy an antivirus solution such as Defender Antivirus, and rotate its SharePoint Server ASP.NET machine keys. Its blog post has instructions on how to do so. CISA further recommends that any organizations that are unable to configure AMSI and deploy Defender AV should disconnect affected products from the internet until official patches are available.