Hackers exploit SharePoint flaw to breach servers, Microsoft issues fix
Microsoft alerted users over the weekend, confirming that a zero-day exploit was being used and that they were working on a solution. On Sunday, the tech giant released instructions to patch the issue for SharePoint Server 2019 and SharePoint Server Subscription Edition. However, engineers are still working on a fix for the older SharePoint Server 2016.
'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. 'It's a significant vulnerability.'
Zero-day exploit
A zero-day exploit refers to a security flaw that has just been discovered and for which there is no fix yet, giving attackers a head start before security teams can respond.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), this new threat is a variant of an existing vulnerability (CVE-2025-49706). It mainly affects organisations using on-premise SharePoint servers.
Cybersecurity experts have identified the exploit, dubbed 'ToolShell', which can give attackers full access to SharePoint file systems. This may also impact other services linked to SharePoint, like Microsoft Teams and OneDrive, Associated Press reported.
Google's Threat Intelligence Group has warned that this vulnerability could potentially 'bypass future patching', making it even more dangerous.
Global impact and affected systems
Cybersecurity company Eye Security reported scanning more than 8,000 SharePoint servers globally. Their findings showed that at least several dozen had been compromised, and the attacks started on July 18.
Microsoft clarified that this vulnerability affects only on-premise SharePoint servers and not the cloud-based SharePoint Online service. However, the risk remains high, particularly for critical sectors.
What should users do?
Organisations using on-premise SharePoint servers are strongly urged to apply Microsoft's latest security guidance immediately. CISA has recommended that any impacted servers be taken offline until they are properly patched.
Michael Sikorski, chief technology officer and head of Threat Intelligence for Unit 42 at Palo Alto Networks, said, 'We are urging organisations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response.'
Sikorski also suggested disconnecting Microsoft SharePoint from the internet as a temporary measure until a security patch is released.
CERT-In warns Microsoft users in India
Last week, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity warning for users of Microsoft Windows and Office products. The agency flagged multiple security flaws that could put both individuals and enterprises at risk.
According to CERT-In, attackers could exploit these flaws to gain higher privileges, access sensitive data, execute remote code, and bypass security protocols. In some cases, they may also spoof identities, tamper with system settings, or trigger denial-of-service (DoS) attacks.
CERT-In has urged all users and IT administrators to apply necessary patches and take additional security measures to avoid potential exploitation.
[With agency inputs]