Particle.news

Shadowserver Reports 104 German SharePoint Servers Exposed by ToolShell Flaw

U.S. cyber authorities are urging organizations to patch on-premises SharePoint servers immediately to curb ongoing data breaches.

Overview

  • Shadowserver Foundation identified 104 unpatched SharePoint servers in Germany vulnerable to ToolShell, ranking the country second only to the U.S. in global exposure.
  • Microsoft released security updates Saturday to address the critical ToolShell zero-day in on-premises SharePoint, which carries a CVSS score of 9.8.
  • CISA and the FBI have opened investigations into the breaches and are coordinating with private and public sector partners on mitigation efforts.
  • Attackers have exploited the flaw to infiltrate dozens of government and corporate networks, stealing data, passwords and machine keys for persistent access.
  • Mandiant Consulting traced at least one initial exploit to a China-linked threat actor while attribution of other intrusions remains under analysis.