Over the past few days, hackers have exploited a serious security vulnerability in widely used Microsoft server software to launch a global attack on government agencies and businesses, disrupting access to US federal and state agencies, universities, energy companies, and an Asian telecommunications company, UNN reports with reference to The Washington Post.
Details
The US government and partners in Canada and Australia are investigating the compromise of SharePoint servers, which provide a platform for sharing and managing documents. Tens of thousands of such servers are at risk, experts warn, and Microsoft has not released any fix for this vulnerability, forcing victims worldwide to try to respond.
The "zero-day" attack, so named because it targeted a previously unknown vulnerability, is just one of Microsoft's cybersecurity embarrassments. Last year, a group of US government and industry experts accused the company of miscalculations that contributed to a targeted Chinese hack of US government emails in 2023, including emails from then-Commerce Secretary Gina Raimondo.
This attack only puts at risk servers hosted within an organization, not those in the cloud, such as Microsoft 365, officials said. The company initially suggested users make changes or simply disconnect SharePoint server applications from the Internet, but on Sunday night released a patch for one version of the software. Two other versions remain vulnerable, and Microsoft said it continues to work on developing a patch. The company declined further comment.
"Anyone with a hosted SharePoint server has a problem. This is a significant vulnerability."
The FBI said it was aware of the issue.
"We are working closely with our federal government and private partners."
"We are seeing attempts to maliciously exploit thousands of SharePoint servers worldwide before a patch is available. We have identified dozens of compromised organizations, spanning both commercial and government sectors."
The breaches occurred after Microsoft fixed a security flaw this month. Attackers realized they could exploit a similar vulnerability, according to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security.
CISA spokeswoman Marcy McCarthy said the agency was notified of the issue on Friday by a cyber research firm and immediately contacted Microsoft.
Microsoft has been accused in the past of releasing fixes that were too narrowly designed and left similar avenues open to attack. The company, one of the largest technology providers to governments, has had other serious problems in the past two years, including breaches of its own corporate networks and executive emails. A software flaw in its cloud services also allowed Chinese-backed hackers to steal federal officials' emails.
On Friday, Microsoft said it would stop using Chinese engineers to support Department of Defense cloud computing programs after a report by the investigative outlet ProPublica revealed the practice, prompting Defense Secretary Pete Hegseth to order a review of the Pentagon's cloud agreements.
The non-profit Center for Internet Security, which brings together an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization's vice president. Among those warned were public schools and universities.
Addition
Pentagon chief Pete Hegseth initiated a review of Chinese engineers' access to US Department of Defense systems. This came after ProPublica published an article about Microsoft's use of Chinese engineers to work on military computing systems.
