Critical Vulnerability Affects Thousands of Organizations
Microsoft has issued a high-priority security alert over active cyberattacks targeting its SharePoint collaboration software. The breach, identified as a serious vulnerability, allows attackers to gain unauthenticated access to systems, giving them full access to SharePoint content and enabling remote code execution.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the flaw “poses a risk to organizations” across sectors, although the full scope is still being assessed. Microsoft has released patches for two affected versions of SharePoint, while a third version from 2016 remains unpatched as the company continues developing a fix.
Thousands of Systems Potentially Compromised
Cybersecurity firm Palo Alto Networks reported that the exploit has likely affected thousands of organizations worldwide. The firm’s researchers described the attack as real, in-the-wild, and highly dangerous. Eye Security, the European firm that first identified the flaw, warned that the breach allows attackers to impersonate users and services even after patches are applied.
SharePoint is widely used by businesses and institutions globally to store and manage documents. Its integration with other Microsoft services, including Outlook and Teams, increases the risk that compromised systems could result in broader data theft and system intrusion.
Attackers Deploy Backdoors and Harvest Credentials
Michael Sikorski, CTO of Palo Alto’s Unit 42, warned that threat actors are already exploiting the vulnerability to infiltrate systems, steal cryptographic keys, exfiltrate sensitive data, and install persistent backdoors. The attackers’ ability to bypass authentication and maintain access underscores the severity of the breach.
Microsoft clarified that the attack impacts only on-premises SharePoint servers and not cloud-based platforms such as Microsoft 365. A company spokesperson declined to provide further comment beyond an official blog post detailing the patches.
Unclear Links to Alaska Airlines Outage
In a potentially related development, Alaska Airlines temporarily halted all ground operations for roughly three hours early Sunday due to an IT outage. The carrier resumed operations around 2 a.m. EST but has not confirmed any connection between its system failure and the SharePoint vulnerability.
While investigations continue, cybersecurity experts are urging organizations using on-premises SharePoint servers to immediately apply available patches and monitor systems for suspicious activity.
