Overview
- Shadowserver Foundation identified 104 unpatched SharePoint servers in Germany vulnerable to ToolShell, ranking the country second only to the U.S. in global exposure.
- Microsoft released security updates Saturday to address the critical ToolShell zero-day in on-premises SharePoint, which carries a CVSS score of 9.8.
- CISA and the FBI have opened investigations into the breaches and are coordinating with private and public sector partners on mitigation efforts.
- Attackers have exploited the flaw to infiltrate dozens of government and corporate networks, stealing data, passwords and machine keys for persistent access.
- Mandiant Consulting traced at least one initial exploit to a China-linked threat actor, while attribution of other intrusions remains under analysis.