
Latest news with #SharePointServer2019

What to know about a vulnerability being exploited on Microsoft SharePoint servers

Japan Today

a day ago


By SHAWN CHEN

Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies. The company issued an alert to customers on July 19 saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.

'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. 'It's a significant vulnerability.'

Companies and government agencies around the world use SharePoint for internal document management, data organization and collaboration.

A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers." Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive. Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching."

Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18.

Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations, and does not affect Microsoft's cloud-based SharePoint Online service. But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors.

'While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, health care including hospitals, and large enterprise companies — are at immediate risk.'

The vulnerability targets SharePoint server software so customers of that product will want to immediately follow Microsoft's guidance to patch their on-site systems. Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.

'We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available,' Sikorski advises.

© Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

Microsoft SharePoint hack: CERT-In flags ongoing threat, follow these steps to secure your systems

Indian Express

a day ago


CERT-In, India's nodal cybersecurity agency, has flagged multiple vulnerabilities in Microsoft SharePoint Server that have been actively exploited by hackers to access sensitive user data or compromise systems through spoofing attacks. SharePoint Server 2019 and SharePoint Enterprise Server 2016, as well as the subscription edition of the platform deployed by organisations on-premises, have been affected in the hack, according to a CERT-In advisory issued on Tuesday, July 22, with a 'Critical' severity rating.

SharePoint is a web-based collaboration and document management platform developed by Microsoft. It allows organisations to create, manage, and share content and applications in a centralised environment. All end-user organisations and individuals using affected Microsoft SharePoint Server installations are at risk of unauthorized access to sensitive data, remote code execution, and potential disruption of services, the cybersecurity watchdog said.

'A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system,' CERT-In said, adding that the vulnerabilities are being actively exploited in the wild.

CERT-In has published Vulnerability note on its website (22-07-2025) Multiple vulnerabilities in Microsoft SharePoint Server https:// — CERT-In (@IndianCERT) July 22, 2025

The warning comes a day after researchers on Monday, July 21, uncovered a sweeping cyber espionage operation targeting Microsoft server software that has resulted in at least 100 organisations being compromised, according to a report by Reuters. Most of the affected organisations are located in the United States and Germany, as per the Shadowserver Foundation, a California-based non-profit cybersecurity organisation.

Microsoft on July 19 issued an alert about 'active attacks' on self-hosted SharePoint servers. However, SharePoint instances run off of Microsoft servers were unaffected.

'Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers, which include both a validationKey and a decryptionKey. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution,' Satnam Narang, Senior Staff Research Engineer at Tenable, said in a statement to

It is not clear who is behind the ongoing 'zero-day' attack, which is a hack that is carried out by exploiting a vulnerability that was previously undisclosed. However, Google researchers have tied at least some of the hacks to a 'China-nexus threat actor.'

In response, Microsoft has rolled out security updates and CERT-In, in its advisory, encouraged customers to install them in order to address the vulnerabilities. According to Narang, organisations can find out if their systems have been compromised in the hack by searching for indicators such as 'a file created on the vulnerable servers called

In addition to applying the security updates, CERT-In suggested the following mitigation measures for affected organisations:

– Rotate the MachineKey values (ValidationKey and DecryptionKey) after applying the updates to invalidate any compromised credentials.
– Enable AMSI (Antimalware Scan Interface) integration in SharePoint to enhance detection of malicious activity.
– Deploy Microsoft Defender Antivirus or a compatible endpoint protection solution with updated signatures.
– Scan SharePoint directories (e.g., LAYOUTS folder) for unauthorized ASPX files such as
– Monitor systems for suspicious process activity such as spawning or
– Restrict external access to on-premises SharePoint servers where feasible until patched.

Microsoft SharePoint vulnerability: Why MS has released a 'zero-day' urgent update and who is at risk

Time of India

2 days ago


Microsoft has released an urgent patch for a critical "zero-day" vulnerability in its SharePoint software, after confirming that the flaw was actively exploited by hackers targeting businesses and U.S. government agencies. The company confirmed the vulnerability and issued the fix between July 19 and 20, while security agencies have advised affected organisations to disconnect unpatched servers from the internet.

What is the SharePoint zero-day vulnerability?

The vulnerability, found in Microsoft SharePoint, is a type of zero-day flaw. Zero-day vulnerabilities refer to unknown security issues that attackers can exploit before developers have time to release a fix. Microsoft SharePoint is widely used by organisations for internal file sharing, team collaboration, and document management.

In an alert issued on Saturday, July 19, Microsoft confirmed that the vulnerability was already being exploited. A day later, on Sunday, July 20, the company issued guidance for applying security patches to SharePoint Server 2019 and SharePoint Server Subscription Edition. Microsoft said it was still working on a patch for SharePoint Server 2016.

Microsoft Sharepoint: Older servers still at risk

Microsoft's fix currently covers only the newer versions of the software. Users of SharePoint Server 2016 will remain exposed until a patch is developed. Experts warn that any organisation running on-premise SharePoint servers should treat the situation as urgent.

Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told the Associated Press, "Anybody who's got a hosted SharePoint server has got a problem." He added, "It's a significant vulnerability."

When did the attacks begin?

According to cybersecurity company Eye Security, attackers may have started exploiting the vulnerability as early as July 18. The company said it scanned over 8,000 SharePoint servers globally and found that at least dozens had been compromised.

Security researchers identified the exploit as 'ToolShell,' which reportedly allows attackers full access to SharePoint file systems. Services integrated with SharePoint, such as Microsoft Teams and OneDrive, are also at risk. Google's Threat Intelligence Group warned that the flaw could even enable attackers to "bypass future patching."

Government warning and recommended action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has described the exploit as "a variant of the existing vulnerability CVE-2025-49706" and said it threatens organisations using on-premise SharePoint servers. The agency urged affected entities to take their servers offline until they are patched, warning that the impact of the breach could be widespread.

Who is at risk of 'Microsoft SharePoint hack': 'Anybody who's got a ...'

Time of India

2 days ago


Microsoft has released an urgent fix for a severe "zero-day" vulnerability within its widely-used SharePoint software, a flaw that hackers are said to have actively exploited to launch extensive attacks against businesses and even some U.S. government agencies. For those unaware, Microsoft SharePoint is used by companies for internal document management, data organization and collaboration.

'Microsoft Sharepoint hack' is a zero-day vulnerability. A zero-day vulnerability is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.

Microsoft issued an alert to customers on Saturday, July 19, confirming active exploitation of the previously unknown vulnerability and assuring users that a patch was in the works. By Sunday, July 20, Microsoft updated its guidance, providing crucial instructions for applying the fix to SharePoint Server 2019 and SharePoint Server Subscription Edition. However, the challenge persists for users of older software, as Microsoft engineers are still developing a solution for SharePoint Server 2016.

So, who's all at risk?

Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told news agency AP, "Anybody who's got a hosted SharePoint server has got a problem." Calling it critical, he added, "It's a significant vulnerability." Cyber security company Eye Security said that attacks likely began on July 18, and that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised.

How can hackers harm organisations impacted by the 'Microsoft Sharepoint' vulnerability

Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive. Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching."

CISA warning to companies impacted by Microsoft SharePoint hack

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting Microsoft SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers." CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.

Hackers exploit SharePoint flaw to breach servers, Microsoft issues fix

Business Standard

2 days ago


Microsoft has rolled out an emergency security fix to address a serious vulnerability in its SharePoint software, which hackers are actively exploiting in cyberattacks targeting companies and US government agencies, Associated Press reported. Microsoft alerted users over the weekend, confirming that a zero-day exploit was being used and that they were working on a solution. On Sunday, the tech giant released instructions to patch the issue for SharePoint Server 2019 and SharePoint Server Subscription Edition. However, engineers are still working on a fix for the older SharePoint Server 2016.

'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. 'It's a significant vulnerability.'

Zero-day exploit

A zero-day exploit refers to a security flaw that has just been discovered and for which there is no fix yet, giving attackers a head start before security teams can respond. According to the US Cybersecurity and Infrastructure Security Agency (CISA), this new threat is a variant of an existing vulnerability (CVE-2025-49706). It mainly affects organisations using on-premise SharePoint servers.

Cybersecurity experts have identified the exploit, dubbed 'ToolShell', which can allow attackers full access to SharePoint file systems. This may also impact other services linked to SharePoint, like Microsoft Teams and OneDrive, Associated Press reported. Google's Threat Intelligence Group has warned that this vulnerability could potentially 'bypass future patching', making it even more dangerous.

Global impact and affected systems

Cybersecurity company Eye Security reported scanning more than 8,000 SharePoint servers globally. Their findings showed that at least several dozen had been compromised, and the attacks started on July 18. Microsoft clarified that this vulnerability affects only on-premise SharePoint servers and not the cloud-based SharePoint Online service. However, the risk remains high, particularly for critical sectors.

What should users do?

Organisations using on-premise SharePoint servers are strongly urged to apply Microsoft's latest security guidance immediately. CISA has recommended that any impacted servers be taken offline until they are properly patched.

Michael Sikorski, chief technology officer and head of Threat Intelligence for Unit 42 at Palo Alto Networks, said, 'We are urging organisations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response.' Sikorski also suggested disconnecting Microsoft SharePoint from the internet as a temporary measure until a security patch is released.

CERT-In warns Microsoft users in India

Last week, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity warning for users of Microsoft Windows and Office products. The agency flagged multiple security flaws that could put both individuals and enterprises at risk. According to CERT-In, attackers could exploit these flaws to gain higher privileges, access sensitive data, execute remote code, and bypass security protocols. In some cases, they may also spoof identities, tamper with system settings, or trigger denial-of-service (DoS) attacks. CERT-In has urged all users and IT administrators to apply necessary patches and take additional security measures to avoid potential exploitation.

[With agency inputs]
