Experts are particularly concerned after Microsoft warned of a serious "zero-day" vulnerability in its SharePoint server software that could be exploited by hackers to attack systems used by many government agencies and businesses to share internal documents.
"Anyone who has a SharePoint server hosted externally is at risk," said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, adding that the vulnerability was "a serious one."
The vulnerability — also known as “ToolShell” — is a variant of the existing vulnerability CVE-2025-49706, according to the US Cybersecurity and Infrastructure Security Agency (CISA).
This vulnerability poses a risk to organizations with on-premises SharePoint servers, allowing hackers to gain full access to SharePoint file systems, including connected services like Teams and OneDrive.
Google's Cybersecurity Threat Analysis division also warned that the vulnerability could allow hackers to "bypass future patches."
Microsoft confirmed that its cloud-based SharePoint Online service is not affected by this vulnerability.
However, Michael Sikorski, CTO and head of threat analysis for Palo Alto Networks' Unit 42 Security Research Group, warns that the vulnerability still puts many organizations and individuals at risk. "While cloud environments are not affected, on-premises SharePoint deployments – especially in government, schools, healthcare, and large enterprise companies – are at immediate risk," he explains.
International cybersecurity organizations announced on July 21 that this large-scale attack had penetrated the systems of about 100 different organizations, including many businesses and government agencies.
Vaisha Bernard, a senior hacker at Dutch cybersecurity firm Eye Security, which discovered the attack on one of its clients on July 18, said the company had scanned more than 80,000 SharePoint servers worldwide with security firm Shadowserver Foundation and found nearly 100 victims. The expert declined to identify the affected organizations, but said relevant agencies and countries had been notified.
Shadowserver Foundation revealed that most of the affected organizations were in the US and Germany, including government organizations.
Meanwhile, the UK National Cyber Security Centre also announced that it had information about "a limited number" of targets in the country.
While the scope and extent of the attack are still being assessed, CISA warns that the impact could be widespread. The agency recommends that any servers affected by the vulnerability be disconnected from the internet until they are patched.
Source: https://www.vietnamplus.vn/canh-bao-nguy-co-tu-lo-hong-zero-day-trong-phan-mem-cua-microsoft-post1051061.vnp