A critical vulnerability in Microsoft’s widely-used SharePoint platform has left more than 10,000 organisations globally exposed to cyberattacks, with security experts warning of a “dream scenario” for ransomware groups.
SharePoint, commonly used to store and manage internal documents, is deployed by thousands of enterprises and government agencies. Microsoft has confirmed “active attacks targeting on-premises servers,” with US federal and state departments reportedly among those impacted. While the United States accounts for the largest share of exposed systems, companies in the Netherlands, the UK and Canada are also believed to be vulnerable, according to cybersecurity firm Censys.
The flaw, initially identified by Dutch-based Eye Security, affects SharePoint Subscription Edition and older versions like SharePoint 2016 and 2019. While Microsoft has released a patch for the Subscription Edition and is working on fixes for the others, the issue runs deeper. According to Eye Security, even patched systems may remain compromised if attackers have already infiltrated them, as they can maintain access through modified components and backdoors that survive reboots and updates.
Researchers have expressed alarm over the scope and simplicity of the exploit. “It’s a dream for ransomware operators,” said Silas Cutler of Censys, warning that cybercriminals are likely already working to weaponise the flaw at scale.
Google’s Threat Analysis Group and Palo Alto Networks both labelled the vulnerability as “significant,” urging immediate mitigation. The nature of the exploit means attackers can extract authentication keys from SharePoint servers, enabling them to impersonate users or services and move laterally across networks.
Microsoft has published security guidance for organisations running vulnerable SharePoint instances, including detailed steps for threat detection and mitigation. However, experts stress that proactive investigation is essential, as compromised systems may not show immediate signs of intrusion.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
