A vulnerability in Microsoft’s SharePoint Server is under active review by threat intelligence researchers as some have found evidence that U.S. government systems have been exposed and potentially compromised.
The issue is limited to versions of SharePoint managed on customer infrastructure and does not impact Microsoft 365 environments, the company said in a blog post. The flaw affects SharePoint Enterprise Server 2016 and 2019, as well as the Subscription Edition. It was first disclosed late Saturday and, as of Sunday night, Microsoft had issued patches for 2019 and the subscription version.
“Unit 42 is tracking a high-impact, ongoing threat campaign targeting on-premises Microsoft SharePoint servers,” said Michael Sikorski, CTO and head of Threat Intelligence for Unit 42 at Palo Alto Networks. “While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, healthcare including hospitals, and large enterprise companies — are at immediate risk.”
Read the rest of the story at NextGov.
