SharePoint Security Scare: Global Cyberattacks Exploit Microsoft Flaw
At least 100 organizations worldwide have fallen victim to cyberattacks that exploited an unknown vulnerability in Microsoft’s SharePoint software, according to security research groups Shadowserver Foundation and I-Security. Among the targeted entities are several government agencies in the United States and Germany, Reuters reports.
Microsoft issued a security advisory on Saturday confirming “active exploitation” of the self-hosted SharePoint servers. The attackers reportedly took advantage of a “zero-day” vulnerability to gain unauthorized access and attempted to establish long-term control over affected systems. Security researchers warned that more than 9,000 servers across the globe remain at risk.
Google has indicated that parts of the campaign appear to be linked to China-based hackers. However, Chinese authorities have not issued any official statement regarding the matter.
In response, Microsoft has released a security patch and urged all users to install the update promptly. Nevertheless, cybersecurity experts cautioned that “patching alone may not be sufficient” to fully address the threat.
