Batten Down the Hatches on Your SharePoint Servers

It’s been a busy weekend for Microsoft. Some of the company’s customers spent the last couple of days experiencing zero-day attacks that reportedly targeted businesses and some government organizations. Microsoft has already released a fix for the vulnerability, which affects SharePoint Server. Microsoft 365, which was the target of a massive cyberattack a few months ago, doesn’t appear to be affected.

Microsoft announced the attack Saturday, saying it was aware of “active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.” A zero-day attack exploits an undisclosed weakness. Microsoft addressed a related vulnerability in its July 8th Patch Tuesday update, but hackers made use of this variant.

The good news is that SharePoint Online for Microsoft 365 isn’t affected by this vulnerability. Unfortunately, many companies are finding that their on-site SharePoint servers have been attacked. Security writer and former ...