What to know about a vulnerability being exploited on Microsoft SharePoint servers


Japan Today, 22-07-2025
By SHAWN CHEN
Microsoft has issued an emergency fix to close off a vulnerability in its widely used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies.
The company issued an alert to customers on July 19 saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
"Anybody who's got a hosted SharePoint server has got a problem," said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. "It's a significant vulnerability."
Companies and government agencies around the world use SharePoint for internal document management, data organization and collaboration.
A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the vendor's security engineers have had zero days to develop a fix for the vulnerability before it was exploited.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers."
Security researchers warn that the exploit, reportedly known as "ToolShell," is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.
Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching."
Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18.
Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations, and does not affect Microsoft's cloud-based SharePoint Online service.
But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors.
"While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, health care including hospitals, and large enterprise companies — are at immediate risk."
The vulnerability targets SharePoint server software, so customers of that product will want to immediately follow Microsoft's guidance to patch their on-site systems.
Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers affected by the exploit be disconnected from the internet until they are patched.
"We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available," Sikorski advises.
© Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.