Particle.news

Microsoft Releases Emergency SharePoint Patches After Chinese-Linked Zero-Day Exploits

Customers are urged to stay vigilant after patches address a critical authentication bypass exploited by state-affiliated hackers

Microsoft apps are being displayed on a smartphone, with the Microsoft logo visible in the background, in this photo illustration taken in Brussels, Belgium, on December 30, 2023. (Photo by Jonathan Raa/NurPhoto)
You can no longer buy movies and series through Microsoft. (Stock image)

Overview

  • Microsoft publicly attributed coordinated intrusions beginning July 7 to three Chinese-affiliated networks—Linen Typhoon, Violet Typhoon and Storm-2603
  • Attackers leveraged a zero-day ToolShell vulnerability in on-premises SharePoint servers to bypass authentication and access systems as legitimate users
  • Emergency updates apply only to on-premises SharePoint deployments while cloud-based instances remain unaffected by the campaign
  • China’s government rejected the allegations as unfounded even as Google confirmed increased interest in the vulnerability from Chinese-linked groups
  • The company pledged to roll out continuous security updates to strengthen defenses against anticipated future intrusions