Microsoft has issued a warning about “active attacks” on server software used by government agencies and companies to share documents within organizations, and recommended security updates that customers must apply immediately.
The FBI said on Sunday that it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details.
In a warning on Saturday, Microsoft said that the vulnerabilities only apply to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.
“We have worked closely with CISA, DOD Cyber Defense Command and important cyber security partners worldwide during our response,” said a Microsoft spokesperson, adding that the company had published security updates and encouraged customers to install them immediately.
The Washington Post, which first reported the hacks, said that inexperienced actors had exploited a flaw in recent days to launch an attack aimed at U.S. and international agencies and companies.
The hack is known as a “zero day” attack because it was aimed at a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
In the warning, Microsoft said that a vulnerability “enables an authorized attacker to perform spoofing over a network.” It gave recommendations to prevent attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding their identity and posing as a trusted person, organization or website.
Earlier, Microsoft said it is working on updates for the 2016 and 2019 versions of SharePoint. If customers cannot enable the recommended malware protection, they must disconnect their servers from the internet until a security update is available, it added.