Thousands of companies and govt agencies at risk from Microsoft SharePoint security flaw

More than 10,000 organizations around the world are at risk from hackers after a serious security flaw was discovered in Microsoft's popular SharePoint platform, used to store and share confidential documents. The majority of companies at risk are said to be in the US &

Microsoft said that there were active attacks targeting on-premises servers. US federal and state agencies are among the organizations said to have been affected.

Security researchers cited by Bloomberg said that the vulnerability was a dream for hackers, including ransomware attackers.

Cybersecurity firms cautioned that a broad section of organizations around the world could be affected by the breach. Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said.

"It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well," he added.

Statements by Palo Alto Networks and Google's Threat Intelligence Group both described the risks as serious and significant.

Microsoft said that it has issued a security patch for SharePoint Subscription Edition, and is actively working on similar ones for SharePoint 2016 and 2019. However, Eye Security, which was first to identify the flaw, said that this might not be enough.

Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.

Microsoft has issued instructions for recommended precautions affected organizations should take, but given the current uncertainties, I'd add another one: if you have sensitive documents stored on SharePoint, you may want to remove them for now.
