Microsoft hit with SharePoint attack — one version still vulnerable

Microsoft has issued a stark warning about ongoing attacks targeting its SharePoint collaboration software, signaling a significant threat to organizations worldwide. Security researchers have identified a vulnerability that allows unauthorized access to systems, giving malicious actors the ability to execute harmful code across networks. The Cybersecurity and Infrastructure Security Agency (CISA) released a statement on Sunday, highlighting that the extent and impact of the breach are still under evaluation. However, they cautioned that the situation poses a serious risk to organizations using the affected software. In response, Microsoft rolled out fixes for two versions of SharePoint late Sunday, but a 2016 version remains unpatched, with the company actively working on a solution. Palo Alto Networks has reported that this breach may have affected thousands of organizations globally, emphasizing the real and pressing nature of the exploits. Microsoft clarified that the attacks are limited to on-premises SharePoint servers, excluding cloud-based services like Microsoft 365. SharePoint is widely utilized by businesses for document storage and collaboration, making this vulnerability particularly alarming. Researchers from European cybersecurity firm Eye Security, who first detected the flaw, warned that even after applying a patch, hackers could still impersonate users or services. The interconnected nature of SharePoint with other Microsoft services, such as Outlook and Teams, raises the stakes significantly. Eye Security's experts noted that a breach could rapidly result in data theft and password harvesting. In a separate incident, Alaska Airlines experienced a temporary halt in its ground operations for about three hours due to an IT outage, which was lifted around 2 a.m. EST. It remains unclear if this outage is connected to the SharePoint attack.