Microsoft has issued a warning regarding “active attacks” targeting its SharePoint collaboration software, revealing a major security risk that may impact organizations globally. The Cybersecurity and Infrastructure Security Agency (CISA) highlighted that a particular vulnerability permits unauthenticated access to systems, granting potential attackers full access to SharePoint content and the ability to execute malicious code across networks.
CISA stated that the threat level remains under assessment, but the agency clearly communicated that it “poses a risk to organizations.” This warning comes on the heels of Microsoft’s announcement on Sunday, when the company provided critical fixes for two versions of its SharePoint software. Specifically, a patch for SharePoint Server 2016, which is a widely used option for on-premises data centers, was rolled out on Monday evening.
Researchers from Palo Alto Networks indicated that the vulnerability could potentially affect thousands of organizations around the world, reinforcing the seriousness of the situation. They elaborated that “the exploits are real, in-the-wild and pose a serious threat.”
In light of these developments, it’s crucial for organizations to promptly apply the available patches to safeguard their systems. This proactive step can help mitigate risks associated with the ongoing attacks. As companies enhance their cybersecurity measures, there is hope that a collective effort can strengthen defenses and reduce the effectiveness of such malicious activities in the future.