When you hear your Microsoft team song sound this morning as your phone rings on a busy Monday, think about where your data is going.
A major hack has occurred… a vulnerability in Microsoft’s SharePoint server software was exploited by hackers to carry out “active attacks” globally on various entities, including businesses and U.S. federal agencies and state governments, prompting the software giant to issue an emergency patch.
In a statement on X, Microsoft said it has released a security update for SharePoint Subscription Edition and SharePoint 2019 users to “mitigate active attacks” targeting servers running the software.
The company noted that the vulnerability only impacts companies using Microsoft’s software to host their own servers, and customers relying on Microsoft’s 365 cloud services have not been affected.
Citing government officials and security researchers, the Washington Post reported that the vulnerability affected U.S. federal and state agencies, universities and various businesses.
In a statement on Sunday night, the Cybersecurity and Infrastructure Security Agency (CISA) said it was “aware of active exploitation of a new…vulnerability enabling unauthorized access to on-premise SharePoint servers.”
