Particle.news

Microsoft Patches SharePoint Zero-Day Exploit Used by Chinese State Hackers

CISA warned organizations to disconnect on-premises SharePoint servers after cybersecurity firms uncovered breaches on more than 100 installations

Photo: Microsoft signage at the company's headquarters in Redmond, Washington, U.S., January 18, 2023. REUTERS/Matt Mills McKnight/File Photo

Overview

  • China-linked groups Linen Typhoon, Violet Typhoon and Storm-2603 exploited a zero-day vulnerability in on-premises SharePoint servers, using an exploit chain that bypassed the fixes Microsoft shipped on July 8 (SharePoint Online in Microsoft 365 was not affected)
  • More than 100 servers worldwide were compromised, including systems at the U.S. National Nuclear Security Administration; investigators have so far reported no evidence that sensitive data was stolen
  • Microsoft released comprehensive security updates and advised customers to also rotate their SharePoint servers' ASP.NET machine keys, restart IIS and deploy anti-malware tooling, because patching alone does not evict attackers who have already planted backdoors or copied the keys used to sign authenticated requests
  • CISA urged federal agencies and private organizations to disconnect internet-facing on-premises SharePoint deployments until they are patched, amid warnings that thousands of servers remain unpatched
  • Microsoft and other security firms continue to detect new intrusion attempts, and unpatched, internet-exposed systems remain under active exploitation