Microsoft warns companies and government agencies of a zero-day attack.
Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organizations, and the company has recommended security updates for customers to apply immediately.The FBI said Sunday it was aware of the attacks and working closely with federal and private sector partners, but did not provide any further details. In an alert issued Saturday, Microsoft said the vulnerabilities only apply to SharePoint servers used within organizations.
Microsoft clarified that SharePoint Online in Microsoft 365, which is located in the cloud, was not subject to attacks. The Washington Post, which first reported the hack, said that unknown parties have exploited a vulnerability in recent days to launch an attack targeting American and international devices and companies.
The newspaper quoted experts as saying that the hack was known as a "zero-day" attack because it targeted a previously unknown vulnerability. Tens of thousands of servers were at risk, according to the newspaper.
According to Microsoft's warning, the vulnerability "could allow authenticated attackers to conduct network spoofing" and has issued recommendations to prevent attackers from exploiting it.
In a phishing attack, an attacker can manipulate financial markets or devices by disguising themselves as a trusted person, organization, or website. Microsoft indicated on Sunday that it had released a security update, adding that customers should apply it immediately.
The company confirmed that it is working on updates for the 2016 and 2019 versions of SharePoint, adding that if customers are unable to implement the recommended malware protection, they should disconnect their servers from the internet until a security update is available.
0 Comments