Microsoft issued an emergency fix to close off a vulnerability in its SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.
The software giant on Saturday said it was aware of “active attacks” that exploited vulnerabilities in the program, a product that allows companies and other businesses to create websites.
The hackers breached U.S. federal and state agencies as well as universities and energy companies through the vulnerability, according to the Washington Post.
On Sunday, Microsoft updated its guidance with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
The attack was a so-called “zero-day” exploit, or when hackers take advantage of a previously unknown vulnerability, often to steal sensitive data and passwords. The vulnerability also could allow hackers to access services connected to SharePoint, including OneDrive and Teams.
“Once inside, they can access all SharePoint content, system files, and configurations and move laterally across the Windows Domain,” noted Netherlands-based research company Eye Security in a research note about the breach.
It added, “Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network.”
Microsoft said in its blog post that it discovered at least dozens of systems were compromised around the world. Security engineers stated the attacks occurred in waves on July 18 and 19.
Although the scope of the attack is still being assessed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.
