A serious security vulnerability has been discovered in Microsoft SharePoint, leaving the systems of many public institutions and private companies worldwide exposed. Noticed by Eye Security on July 18, the vulnerability gives attackers unauthorized access to on-premises SharePoint installations. Microsoft issued a statement just two days later, confirming that active attacks were continuing and that its security team was responding. The source of the vulnerability is not yet clear, but the details show that the threat has a very complex structure.
Attackers exploiting this vulnerability are reported not only to target data but also to be able to take over user identities and infiltrate other systems. This means the impact is not limited to SharePoint: connected services such as Outlook, Teams and OneDrive can also be affected. Vulnerabilities like this can cause chained security problems, especially for the integrity of internal access networks. The threat can persist even after Microsoft's patch is applied, because a system that was compromised before patching remains at risk.
Patches for Microsoft SharePoint 2019 and SE versions
Updates for Microsoft SharePoint 2019 and SharePoint Subscription Edition have been released as a step toward closing the gap. A security patch for SharePoint 2016, however, is still being developed. Organizations using this version are advised to temporarily take their systems off the network or to take additional measures such as backups and access restrictions. Microsoft officials say that work on this version continues but have not given a clear date.
The vulnerability is reported to be based on two weaknesses that were demonstrated at the Pwn2Own 2024 competition and then combined and adapted for attack. Researchers say that by combining these two weaknesses, attackers can bypass the authentication process entirely. Moreover, once inside the system, attackers gain not only unauthorized access but also the ability to move around without leaving lasting traces. This makes the intrusion very difficult to detect with standard security checks.
The vulnerability has affected many US-based institutions. According to the Washington Post, citing security sources, universities, energy firms and an Asian telecom company have been affected by the attacks, as well as federal and state institutions. This reveals that SharePoint servers are widely used, even in open source systems, and that the potential attack surface is quite wide. Drawing attention to the scale of the risk, the US Cybersecurity and Infrastructure Security Agency (CISA) suggests that all on-premises servers be disconnected.
Cloud-based SharePoint Online systems, by contrast, were not affected by this vulnerability. In other words, the versions that run on Microsoft's own cloud infrastructure are protected from this threat. Nevertheless, the large number of institutions running on-premises installations shows how wide the vulnerability's reach is. Especially in the hybrid systems used by large companies, such vulnerabilities can cause much more complex security problems.
Experts emphasize that such zero-day vulnerabilities should be addressed not only through technical measures but also through user awareness and regular updates, because similar vulnerabilities in previous attacks were observed to create chained security risks across different components. Regularly auditing corporate software such as SharePoint and limiting external connections is critical for reducing potential threats. In this context, the incident is not merely a product flaw but a holistic IT security issue.
In light of these developments, Microsoft is expected to release a patch for SharePoint 2016 shortly. In the meantime, however, security experts are advised to monitor network traffic and watch for suspicious activity. Regular analysis of system logs is especially important for early detection. It should also be kept in mind that attackers can leave persistent backdoors in the system.