Particle.news
Download on the App Store
70 ARTICLES
·
last wk.

Microsoft Deploys SharePoint 2019 and Subscription Edition Patches as Zero-Day Attacks Continue

A unified response led by Microsoft with U.S. federal agencies is underway to contain an active zero-day exploit in on-premises SharePoint environments.

A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, January 9, 2025. REUTERS/Gonzalo Fuentes/File Photo
Microsoft signage is seen at the company's headquarters in Redmond, Washington, U.S., January 18, 2023. REUTERS/Matt Mills McKnight/File Photo
Image
Image

Overview

  • Emergency security updates for SharePoint Subscription Edition and 2019 have been released while patches for the 2016 version remain under development
  • The exploited zero-day flaw allows attackers to spoof network communications, bypass multi-factor authentication and execute remote code
  • Microsoft is coordinating with CISA, the FBI and private cybersecurity firms to investigate attacker tactics and remediate affected systems
  • Tens of thousands of on-premises SharePoint servers worldwide still face compromise risk without timely application of available patches
  • Organizations are urged to enable malware protection or disconnect vulnerable servers from the internet until full fixes are applied