Microsoft servers rocked by massive Zero-Day hack - what is the exploit and who’s behind the breach?

Microsoft has sent out an urgent security warning after finding out that hackers are actively targeting its SharePoint server software, which is apparently an important tool for both businesses and government agencies.

The breach, which is being called a "zero-day" exploit, has made cybersecurity officials rush to fix it. There could have been a risk to tens of thousands of servers.

Microsoft has advised users to install security updates right away in response to an alert regarding "active attacks" on server software that is used by businesses and government organizations to share documents within their organizations, as per a report by Reuters.

What exactly happened with the Microsoft server attack?

Microsoft has confirmed that a zero-day attack is targeting on-premise SharePoint servers. The Washington Post claimed that anonymous actors had attacked U.S. and foreign organizations and companies in recent days by taking advantage of a vulnerability.

The FBI stated on Sunday that it is aware of the attacks and is collaborating closely with its federal and private-sector partners.

ALSO READ: Elon Musk is back in wartime mode — 7 days a week, sleeping in the office, no breaks

Microsoft stated in an alert released on Saturday that the vulnerabilities are limited to SharePoint servers utilized by businesses. Microsoft asserted that the attacks had no impact on Microsoft 365's cloud-based SharePoint Online.

SharePoint 365 in the cloud is still working fine. Microsoft is working with the FBI and CISA to fix the breach right now.

A Microsoft representative stated, "We've been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response."

ALSO READ: What is Microsoft's SharePoint that has been targeted by hackers? Thousands of firms worldwide at risk

How dangerous is the vulnerability?

As it targeted an undiscovered vulnerability, the hack is referred to as a "zero day" attack, as per a report. The flaw lets attackers pretend to be trusted sources and send fake messages and change systems.

Microsoft stated in the alert that a flaw "allows an authorized attacker to perform spoofing over a network." It made suggestions to prevent the attackers from taking advantage of it.

By concealing their identity and posing as a reliable individual, group, or website, an actor can influence financial markets or agencies through spoofing attacks.

What steps should affected users take now?

The company released security updates and advised users to install them right away. Customers should disconnect their servers from the internet until a security update is available if they are unable to activate the suggested malware protection, it further stated.

Microsoft and U.S. cybersecurity officials are working around the clock to fix the problems and limit the damage.

FAQs

Who has been affected by the Microsoft breach?
Businesses and government agencies use on-premise SharePoint servers, not SharePoint Online.

What should users do right now?
Apply Microsoft's most recent security updates immediately, or disconnect servers if updates cannot be applied.