Microsoft alerts businesses, governments to server software attack
Microsoft said on July 20 that it issued a security update for SharePoint Subscription Edition.
PHOTO: REUTERS
WASHINGTON – Microsoft has issued an alert about “active attacks” on server software used by government agencies and businesses to share documents within organisations, and it recommended security updates customers should apply immediately.
The Federal Bureau of Investigation said on July 20 that it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details.
In an alert issued on July 19, Microsoft said the vulnerabilities applied only to SharePoint servers used within organisations. It said SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.
“We’ve been coordinating closely with Cisa (Cybersecurity and Infrastructure Security Agency), DOD Cyber Defence Command and key cyber security partners globally throughout our response,” a Microsoft spokesperson said, adding that the company had issued security updates and urged customers to install them immediately.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses.
The hack is known as a “zero-day” attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
In the alert, Microsoft said that a vulnerability “allows an authorised attacker to perform spoofing over a network”. It issued recommendations to stop the attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor’s identity and appearing to be a trusted person, organisation or website.
Earlier, Microsoft said it was working on updates to the 2016 and 2019 versions of SharePoint.
If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it added. REUTERS