Hackers are actively exploiting a severe vulnerability affecting Microsoft’s SharePoint software, putting thousands of businesses and organizations at risk across the globe. The security flaw lets attackers access sensitive files and encryption keys that could be used to regain entry even after the vulnerability is fixed.
In a press release on Saturday, July 19, the U.S. Cybersecurity and Infrastructure Security Agency said the bug affects SharePoint servers housed within an organization and not in the cloud. Such servers are commonly used for document storage and collaboration.
The security flaw is being referred to as a “zero-day,” a term used to describe a vulnerability that was being exploited before the software’s developers were aware of it.
‘Significant’ security vulnerability
The European cybersecurity firm Eye Security, which first revealed the flaw, warned that the vulnerability could permit even greater access into a target’s system, given that SharePoint servers often connect with other Microsoft services, such as Outlook, OneDrive and Teams.
Eye Security said it had already found “dozens” of SharePoint servers being exploited. Known victims include federal and state government agencies, universities, energy companies and an Asian telecommunications company, according to The Washington Post.
Adam Meyers, senior vice president with the cybersecurity firm CrowdStrike, described the vulnerability as “significant,” telling The Post that “anybody who’s got a hosted SharePoint server has got a problem.”
Security patches may not be enough
Microsoft has issued patches for two versions of SharePoint so far. One version remains vulnerable, however.
Experts warn that even with security updates, SharePoint servers could still be exploited in the future if attackers gained access to encryption keys.
“Once inside, they’re exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys,” Michael Sikorski, the head of threat intelligence for Palo Alto’s Unit 42, told The Hacker News. “The attackers have leveraged this vulnerability to get into systems and are already establishing their foothold.”
Charles Carmakal, the chief technology officer at Google Cloud’s Mandiant, also warned of the bug’s severity in a statement on LinkedIn.
“This isn’t an ‘apply the patch and you’re done’ situation,” Carmakal said. “Organizations need to implement mitigations right away (and the patch when available), assume compromise, investigate whether the system was compromised prior to the patch/mitigation, and take remediation actions.”
In addition to applying security patches, organizations running on-premises SharePoint servers are urged to rotate their encryption keys.
It is not yet publicly known who is actively exploiting the SharePoint flaw. The FBI has said it is “working closely with our federal government and private sector partners” on the matter.
Author: Alan Judd
This content is courtesy of, and owned and copyrighted by, https://straightarrownews.com and its author.