Australian government agencies and businesses are being urged to review their networks for on-premise instances of Microsoft SharePoint Server after hackers exploited a major security flaw in the software.
The Australian Cyber Security Centre issued an alert about “active attacks” on the software used to share documents on Sunday, just hours after Microsoft first alerted customers to the vulnerability and recommended urgent security updates.
In its alert on Saturday, Microsoft said the vulnerability only applies to SharePoint servers used within organisations. It said its cloud-based SharePoint Online in Microsoft 365 was not hit by the attacks.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses.
The hack is known as a zero day attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers are believed to be at risk.
Microsoft did not immediately respond to a request for comment when approached by Reuters.
In its alert, Microsoft said that a vulnerability “allows an authorised attacker to perform spoofing over a network”. It issued recommendations to stop the attackers from exploiting it.
The ACSC, meanwhile, said, the vulnerability involves “deserialisation of untrusted data in on-premises Microsoft SharePoint Servers allowing an unauthorised attacker to execute code over a network”.
Microsoft on Sunday said it had issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately.
It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.
With Reuters (Timothy Gardner)
Do you know more? Contact James Riley via Email.