A cyber security vulnerability in Microsoft's SharePoint collaboration software has been added to the US Cybersecurity and Infrastructure Security Agency exploitation list as customers deal with the potential fallout.
Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US.
The individual or group behind the software exploitation is not yet known.
“The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint) to conduct nefarious missions beyond just ransomware attacks, like 'wiper' malware that deletes data,” said Morey Haber, a chief security adviser at cyber security company BeyondTrust.
Mr Haber said Microsoft appears to have responded quickly once the vulnerability in SharePoint was identified, but that for some, it might be too little, too late.
“Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,” he explained.
The various editions of Microsoft SharePoint also make it more difficult to provide a one-size-fits-all solution.
Microsoft said that it released a security update for SharePoint 2019, and that other fixes would be on the way.
“We are actively working on updates for SharePoint 2016,” the Redmond, Washington software company posted on X.
Santiago Pontiroli, lead researcher at cyber protection company Acronis, said: “This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach.
“Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.”
Microsoft does, however, invest heavily in trying to prevent such breaches from occurring.
Federal law enforcement agencies regularly work with the company and have a presence at its cyber crime centre in Redmond.
Cyber security is a continuing game of "whack-a-mole", and companies and organisations using SharePoint should take it seriously, Mr Pontiroli said.
“Organisations still running on-premises SharePoint need to act now,” he said. “Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.”