Government agencies face serious security risk due to SharePoint zero-day bug


There are reports of hackers exploiting a new zero-day vulnerability in Microsoft’s SharePoint Server software. This software is utilized by significant U.S. government agencies, particularly those associated with national security.

The security flaw affects on-premise versions of SharePoint, enabling attackers to break into systems, steal data, and move quietly through connected services. While the cloud version is unaffected, the on-premise edition is widely used by major U.S. agencies, universities, and private enterprises, so more than just internal systems are at risk.

SharePoint zero-day: Understanding the exploit

The security vulnerability was initially discovered by cybersecurity firm Eye Security on July 18. Researchers indicate that it arises from a previously unidentified vulnerability chain that grants attackers complete control over vulnerable SharePoint servers without the need for any credentials. This flaw enables them to steal machine keys used for signing authentication tokens, allowing attackers to impersonate legitimate users or services even after a system is patched or rebooted.

How the SharePoint vulnerability enables hackers to access Microsoft services

Once inside a compromised SharePoint server, hackers can gain access to connected Microsoft services such as Outlook, Teams, and OneDrive, putting a wide range of corporate data at risk. The attack also enables hackers to maintain long-term access by stealing cryptographic material for signing authentication tokens. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is advising organizations to take action by checking for signs of compromise on systems and isolating vulnerable servers from the internet.

Microsoft confirms SharePoint exploit and releases patches

Microsoft has acknowledged the issue, revealing that it is aware of “active attacks” exploiting the vulnerability. The company has issued patches for SharePoint Server 2016, SharePoint Server 2019, and SharePoint Subscription Edition. All supported on-premise versions have received patches as of July 21.

What to do about the SharePoint security risk

If your organization runs on-premise SharePoint servers, your IT or security team should address this issue promptly. Even after a system is patched, risk remains if the machine keys were already stolen, because tokens signed with those keys stay valid. Administrators should rotate the machine keys, audit existing authentication tokens, and keep monitoring for signs of compromise.
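As an added example (not from the original article, and not Microsoft's own script), the following PowerShell shows the key-rotation step described above: it rotates the machine keys for every SharePoint web application in the farm and then restarts IIS so that tokens signed with the old keys stop being accepted. It assumes SharePoint Server 2019 or Subscription Edition with the SharePoint PowerShell snap-in loaded, and that the Update-SPMachineKey cmdlet is available in your build (an assumption to confirm against your version's documentation).

```powershell
# Added example, not from the article. Assumes SharePoint Server 2019 /
# Subscription Edition with the Update-SPMachineKey cmdlet available
# (assumption: confirm against your build's documentation).
# Run in an elevated session as a farm administrator on a SharePoint server.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Keep a record of what was rotated for the incident timeline.
$rotated = @()

# Include Central Administration so its keys are replaced as well.
foreach ($webApp in Get-SPWebApplication -IncludeCentralAdministration) {
    Write-Host "Rotating machine key for $($webApp.Url)"
    # Generates new validation/decryption keys for this web application and
    # stores them in the farm configuration; the timer service pushes them
    # to the other servers in the farm.
    Update-SPMachineKey -WebApplication $webApp
    $rotated += $webApp.Url
}

# Running worker processes keep the old keys in memory until IIS reloads
# its configuration, so restart IIS on every SharePoint server in the farm
# (repeat this step on each server, not only the one running this script).
iisreset.exe /noforce

Write-Host "Rotated machine keys for $($rotated.Count) web application(s):"
$rotated | ForEach-Object { Write-Host "  $_" }
```

After rotation, any session that was still relying on a token signed with the old keys is forced to re-authenticate, which is the point: it closes the door that a stolen key would otherwise keep open after patching. Patching first and rotating second is the order that matters, since rotating on an unpatched server only hands the attacker a fresh set of keys to steal.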

Key Takeaway

The recent SharePoint zero-day vulnerability highlights how quickly research can transition into real-world attacks. What began as a proof-of-concept has now impacted numerous systems, including major government agencies. The concerning aspect is not just the access it provides but also how it allows hackers to remain undetected even after patching.

If you have any opinions on whether there should be stricter regulations regarding the use of secure software in government, feel free to reach out to us at Cyberguy.com/Contact.