'Tens of Thousands' of SharePoint Servers at Risk. Microsoft Issues No Patch (msn.com)

"Anybody who's got a hosted SharePoint server has got a problem," the senior VP of cybersecurity firm CrowdStrike told the Washington Post. "It's a significant vulnerability."

And it's led to a new "global attack on government agencies and businesses" in the last few days, according to the article, "breaching U.S. federal and state agencies, universities, energy companies and an Asian telecommunications company, according to state officials and private researchers..."

"Tens of thousands of such servers are at risk, experts said, and Microsoft has issued no patch for the flaw, leaving victims around the world scrambling to respond." (Microsoft says they are "working on" security updates "for supported versions of SharePoint 2019 and SharePoint 2016," offering various mitigation suggestions, and CISA has released their own recommendations.)

From the Washington Post's article Sunday:

Microsoft has suggested that users make modifications to SharePoint server programs or simply unplug them from the internet to stanch the breach. Microsoft issued an alert to customers but declined to comment further... "We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available," said Pete Renals, a senior manager with Palo Alto Networks' Unit 42. "We have identified dozens of compromised organizations spanning both commercial and government sectors."

With access to these servers, which often connect to Outlook email, Teams and other core services, a breach can lead to theft of sensitive data as well as password harvesting, Netherlands-based research company Eye Security noted. What's also alarming, researchers said, is that the hackers have gained access to keys that may allow them to regain entry even after a system is patched. "So pushing out a patch on Monday or Tuesday doesn't help anybody who's been compromised in the past 72 hours," said one researcher, who spoke on the condition of anonymity because a federal investigation is ongoing.

The breaches occurred after Microsoft fixed a security flaw this month. The attackers realized they could use a similar vulnerability, according to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. CISA spokeswoman Marci McCarthy said the agency was alerted to the issue Friday by a cyber research firm and immediately contacted Microsoft... The nonprofit Center for Internet Security, which staffs an information-sharing group for state and local governments, notified about 100 organizations that they were vulnerable and potentially compromised, said Randy Rose, the organization's vice president. Those warned included public schools and universities. Others that were breached included a government agency in Spain, a local agency in Albuquerque and a university in Brazil, security researchers said.

But there are many more breaches, according to the article:
  • "Eye Security said it has tracked more than 50 breaches, including at an energy company in a large state and several European government agencies."
  • "At least two U.S. federal agencies have seen their servers breached, according to researchers."
  • "One state official in the eastern U.S. said the attackers had 'hijacked' a repository of documents provided to the public to help residents understand how their government works. The agency involved can no longer access the material..."

"It was not immediately clear who is behind the hacking of global reach or what its ultimate goal is. One private research company found the hackers targeting servers in China..."


  • Just stop (Score:4, Insightful)

    by PPH ( 736903 ) on Sunday July 20, 2025 @08:00PM (#65533586)

    Stop using toy operating systems for doing corporate work. If someone wants to put up a personal blog or a cute kittens website, I suppose this stuff will do. Other than that, don't.

    • I did a fresh install of win 11 today. It just "felt different". In the past I could change the hard drive partition, I felt like I was in control, yet... now MS is in control. It made me open a cloud account. I won't touch it. I will check this week if a Linux installation will let me have control of a hard drive partition, I want that. I have installed hundreds, maybe thousands of OS's in my life, and the experience of MS Win 11 felt ... like I was helpless. I had to give it information,
      • by johnnys ( 592333 )
        You are not the customer: You are the product. Your information belongs to Microsoft. Your computer belongs to Microsoft. If they could get your soul, they would.
• I think about 10 years ago, there was a theory that people could own their own information, and even monetize it. I see from Facebook that we do not own our information, that we just give it to Billionaires and Oligarchs. What is Facebook's latest scheme? I think it is AR glasses, something that I do not want, and certainly do not need. It is certainly in the average person's power to simply put Facebook out of business, we simply have to not use it for a few months. I never use it, and I encourage e
          • AI is the future. Ignore the previous failures. AI is the future.

            • AI is very interesting, almost as interesting as the invention of a microcomputer, in my humble opinion. I find it profoundly interesting and useful. There are about 8 Billion people now on the planet earth. How it will impact us all ... I am looking forward to watching it all unfold.
      • by gweihir ( 88907 )

        There are obscure options and files you can add to the installation image that give you choice back. I just tried to install Win11 pro over Win11 home (fresh install, wipe everything) and that only worked after I added some file to the install disk. Before the installer just checks the serial stored on that machine and gives you no choice. Really unprofessional.

        Win11 is much more difficult to figure out than Linux ever was. Fortunately, there is web-search. Unfortunately, I think I cannot quite do without W

    • The OS isn't the problem. The problem is all the CIOs who think that ChatGPT can replace all their SysAdmins.

      They're too busy renegotiating their parking space, or choosing a colour for their business cards to think about security or redundancy or risk management.

      The sales rep with the shiny new Beemer told them that everything would be fine, so they just signed a cheque and went back to the board with a glowing quarter report.

      Anyone who uses Sharepoint is getting exactly what they deserve. And the
    • by gweihir ( 88907 )

      Indeed. These fuckups are a fossil from the times that software did not have to be secure. And they never adapted and probably cannot adapt. Remember that security is, at this time, still their "highest priority", which means this crap is really the best they can do. And it does not cut it.

      Although quite a few people use a real OS and real server software for their personal stuff.

      • These fuckups are a fossil from the times that software did not have to be secure.

        When did that change?

        • by gweihir ( 88907 )

When the Internet became widespread. Or before users had accounts on regular computers, take your pick.

    • You shouldn't have Sharepoint on the open internet. It needs to be behind a VPN. The VPN should be the only exposed entrypoint on the internet.
  • by awwshit ( 6214476 ) on Sunday July 20, 2025 @08:03PM (#65533598)

Microsoft cheese is like a cross between American cheese and Swiss cheese. Microsoft cheese is not too hard and full of holes, like Swiss cheese, at the same time Microsoft cheese is mostly fake and tastes awful, like American cheese.

  • by 93 Escort Wagon ( 326346 ) on Sunday July 20, 2025 @08:26PM (#65533642)

    The product is called SharePoint, right? And what's happening is your files are being shared with everybody in the world. So what's with all the whining?

    It's right there in the name!

  • The root cause is the added AI stuff.
    • Me neither.

      However, would that type of information stored on Sharepoint servers not also be a data "goldmine" for AI dataset harvesters? So now you do not need to shield yourself from hackers and ransomware groups, but AI "harvesters" as well? Probably even more so, now that those can relentlessly attack and learn without stopping, under the guise of "but China...".

      Just as there was/is a need for software that severely limits the rate of login attempts, there is now also a need for similar software to block

  • by Waffle Iron ( 339739 ) on Sunday July 20, 2025 @08:35PM (#65533654)

    The bad news: Hackers have gained access to thousands of SharePoint servers.

    The good news: It will be of no use to them, because just like the befuddled employees who are stuck using SharePoint, the hackers won't be able to find any relevant information in the byzantine hierarchy of pseudo folders packed with stale artifacts.

  • Burn it down. At this point it's the only option against Microsoft.

    Considering how much these people are being overpaid and the number of bugs which appear on a near daily basis, at some point you have to tear it down and start fresh.

• Microsoft doesn't overpay its people. It only fires people nowadays.

      What Microsoft does do too much of, overestimating the quality of their CoPilot products.

    • by gweihir ( 88907 )

This is also the only option because there are strong indicators they have piled up too much technological debt that their stuff cannot be fixed anymore. Or make any real progress.

  • If MS sells software and support to government agencies, they should be on the hook if or when their software creates critical vulnerabilities in infrastructure. Especially if they don't have a patch immediately!

  • Well, on this thing, probably, but after their last disaster they have to be counted as the dumbest fucks you can find in IT security.

• Its original money-making OS is less than 10% of its revenue now, and is more useful as a package deal and a trojan horse for invasive telemetry. It doesn't want to focus on video games or selling streaming movies / TV, either, and now this. How would this company survive if not for its entitlement to all that government money, which arrives no matter how many times they mess up?
