The US Cybersecurity and Infrastructure Security Agency and cybersecurity authorities in Canada and Australia are actively investigating the breach. Microsoft has yet to release a patch for the SharePoint server vulnerability, forcing affected organizations to rely on temporary fixes—like adjusting server configurations or taking systems offline—to mitigate the risk.
Microsoft fails to issue a patch amid expanding breach
Source Cryptopolitan
Hackers have launched a large-scale cyberattack exploiting a critical flaw in Microsoft’s widely used SharePoint Server software.
According to state officials, the breach has compromised US federal and state government agencies, universities, energy companies, and even telecommunications infrastructure in Asia.
The vulnerability lies in on-premises SharePoint servers—systems used internally to store and share documents—not in Microsoft’s cloud services like Microsoft 365, making them prime targets for attackers.
The flaw is being called a “zero-day” vulnerability, a new software vulnerability for which Microsoft has yet to produce a patch. Organizations had zero days to prepare and opened up thousands of institutions to attack.
According to security researchers, the hackers have penetrated systems in over 50 organizations, including multiple European government agencies, an energy company in a large US state, and a university in Brazil.
In one eastern United States state, attackers took control of a trove of documents designated for public disclosure, then held it in limbo so the agency could not pull them back and remove them.
Microsoft fails to issue a patch amid expanding breach
Microsoft confirmed the breach and posted an alert but said nothing publicly. The company has urged users to apply lockdown settings and remove exposed servers from the internet to mitigate exposure.
The Center for Internet Security, which works with local governments around the US, said it sent warnings to about 100 possibly affected organizations, including public schools and universities. The reaction was also hampered by more recent cuts to funding, which have slashed threat intelligence and response operations personnel by at least 60%.
Randy Rose, the vice president of the Center for Internet Security, said it took six hours on Saturday night to complete the notifications. He added that the process would have been much faster if their teams had not been cut.
CISA, currently led by its director nominee in an acting capacity while awaiting confirmation, has maintained that its staff have been working tirelessly. Marci McCarthy, a spokeswoman for the agency, said that no one had been asleep at the wheel.
Security failures spark rising scrutiny of Microsoft
The latest incident adds to a wave of concern about Microsoft’s ability to secure its software, when the company remains a primary technology supplier to governments in many parts of the world.
The Department of Homeland Security said the attackers may have pivoted from a previously patched SharePoint vulnerability. This underscores Microsoft’s repeated strategy of delivering narrowly focused fixes that fail to plug related holes yet to be exploited.
Information security professionals are concerned about the long-term implications of the breach. Once inside the internal SharePoint servers, attackers have a path into the sensitive systems you rely upon in the workplace, such as Outlook, Teams, and others. Certain hackers, it said, had stolen cryptographic keys that could be used to re-enter servers, even after patches have been installed.
One researcher involved in the response, who requested anonymity due to the ongoing federal investigation, cautioned that releasing a patch on Monday or Tuesday would not help anyone who had already been compromised in the past 72 hours.
Last year, a US government-designated panel criticized Microsoft for handling a targeted Chinese cyberattack of federal email systems, including messages generated by the then-Commerce Secretary Gina Raimondo. In that case, the company said its cloud platform was exploited to access sensitive communications illegally.
The company faced fresh criticism last week after ProPublica reported that Microsoft had hired engineers in China to work on cloud projects connected to the US military. On Friday, Microsoft announced it would no longer employ engineers on Pentagon-related systems in China.
KEY Difference Wire helps crypto brands break through and dominate headlines fast
Disclaimer: For information purposes only. Past performance is not indicative of future results.
Recommended Articles
Ripple Labs, a crypto payments company, continues to set its ambitions and those of XRP higher than ever as it edges closer to disrupting the global financial messaging giant SWIFT. After Ripple CEO
Fartcoin, SPX6900 Price Prediction: Meme coins eye further gains amid record-high Open InterestsThe Solana-based meme coin market capitalization has jumped 6% over the last 24 hours, reaching $14.64 billion, leading the broader cryptocurrency market's recovery. Fartcoin (FARTCOIN) and SPX6900 (SPX), which edged lower after double-digit gains on Wednesday, are among the top performers.
The Solana-based meme coin market capitalization has jumped 6% over the last 24 hours, reaching $14.64 billion, leading the broader cryptocurrency market's recovery. Fartcoin (FARTCOIN) and SPX6900 (SPX), which edged lower after double-digit gains on Wednesday, are among the top performers.
After beating the resistance mounted at the $3,000 by bears for months now, the Ethereum price looks primed for a further breakout. Expectations currently are that the Ethereum price rally will
Gold price (XAU/USD) struggles to capitalize on the overnight bounce from the $3,309 area, or a one-week low, and oscillates in a narrow trading band during the Asian session on Friday.
Top 3 Price Prediction: Bitcoin, Ethereum, Ripple – BTC nears all-time high, ETH eyes $4,000, XRP sets new recordBitcoin (BTC) price is trading above $120,000 on Friday, inching closer to its all-time high of $123,218. Ethereum (ETH) price has surged by over 20% so far this week, with bulls aiming for the $4,000 level next.
Bitcoin (BTC) price is trading above $120,000 on Friday, inching closer to its all-time high of $123,218. Ethereum (ETH) price has surged by over 20% so far this week, with bulls aiming for the $4,000 level next.
