Microsoft Fix Targets Attacks on SharePoint Zero-Day
1 min read
Summary
On Sunday, Microsoft released an emergency security update for SharePoint Server, following reports that the vulnerability has been exploited by malicious hackers to breach US federal and state agencies, educational establishments and energy companies.
The company said it is aware of active attacks targeting on-premises SharePoint Server customers, but stressed that SharePoint Online and Microsoft 365 are not affected.
According to the Cybersecurity & Infrastructure Security Agency, the attacks are exploiting a flaw that provides unauthenticated, remote access to systems, enabling attackers to access file systems and execute code over the network.
Researchers at Eye Security spotted large-scale exploitation of the vulnerability on 18 July.
The company stressed that patching the flaw alone is not enough, and urged affected organisations to rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers.