Microsoft flags live threat to internal server software, urges swift patch
Microsoft says vulnerabilities apply only to SharePoint servers used within organisations
Microsoft has warned of ongoing cyberattacks targeting a widely used server tool that helps government agencies and businesses share internal documents.
The tech giant, in an alert, urged customers to apply critical security updates immediately to block the threat.
The FBI on Sunday said it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details.
In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses.
The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
Microsoft did not immediately respond to a request for comment.
In the alert, Microsoft said that a vulnerability "allows an authorised attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organisation or website.
Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately.
It said it is working on updates to the 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.
-
Mysterious debris found on Australian beaches could be ‘space balls'
-
China launches new satellite group in major space mission
-
New drone imaging detects hidden underwater bombs with remarkable accuracy
-
Did 'hobbit' human species ever hunt or use fire? New study challenges long-held assumptions
-
Experts share 3 predictions for America's next 250 years in space
-
NASA launches first-of-its kind mission to rescue 3,200-pound falling space telescope
-
'Alien gun' on Mars? Resurfaced viral NASA photo sparks fresh extraterrestrial theories
-
NASA's bold effort to rescue Swift Observatory telescope hits an unexpected setback
-
Scientists create world’s first synthetic cell from scratch, marking historic biology milestone
-
Is there a launch today? SpaceX, ULA rocket launch schedule in Florida explained
-
1.7 million planned satellites could devastate astronomy, scientists warn
-
Can NASA save Swift Observatory telescope? Inside space agency's bold rescue mission