Microsoft has released an urgent patch for a serious zero-day vulnerability in SharePoint servers. However, the vulnerability continues to be actively exploited, directly impacting thousands of organizations worldwide. Attacks exploiting it are reported to target critical infrastructure, from government agencies and energy companies to universities and telecom companies.
Vulnerability detected on Microsoft servers
The vulnerability was first discovered by Eye Security. It was confirmed that the vulnerability allows unauthorized access to SharePoint servers, impersonation of users and services, tampering with system configurations, and execution of external code. This could allow hackers to infiltrate the system, steal data, obtain passwords, and spread laterally within the network to other systems.

According to a statement by Censys, the vulnerability is widespread enough to affect more than 10,000 companies worldwide. Censys also noted that ransomware groups are actively investigating the vulnerability.
Google’s Threat Intelligence Group stated that the vulnerability allows persistent access to systems without requiring authentication, posing a threat that may be difficult to address even with future software updates.
The severity of the vulnerability stems from the fact that SharePoint is not only a document management tool but also a platform integrated with other Microsoft services such as Outlook, Teams, and OneDrive. Because of this integration, a breach of SharePoint can quickly have knock-on effects throughout an organization.
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) are actively investigating attacks targeting the SharePoint vulnerability. The groups behind the attacks have not been identified so far. However, the data obtained suggests that organized, technically sophisticated groups may have carried out the attacks.
Alongside the security patch, Microsoft has called on all administrators to urgently update their SharePoint servers to address the vulnerability. The company recommends updating the system as soon as possible.