Why Microsoft Is Urging Security Updates for SharePoint Customers

The company confirmed “active attacks” targeting SharePoint Servers customers. (Jeenah Moon/Getty Images)

Microsoft confirmed “active attacks” targeting SharePoint customers and urged clients in a blog post over the weekend to immediately apply security updates.

The attacks are exploiting vulnerabilities in SharePoint Servers, a version of the internal file-sharing and intranet platform that organizations host on their own servers. The cloud-based SharePoint Online in Microsoft 365 isn’t impacted, according to the company’s Security Response Center.

Microsoft released security updates for SharePoint Subscription Edition and SharePoint 2019, noting “customers should apply these updates immediately to ensure they’re protected.” The company added that it was developing security updates for supported versions of SharePoint 2019 and SharePoint 2016.

Microsoft stock was down 0.2% on Monday.

The company sent Barron’s a link to its blog post and declined to comment further.

Eye Security, a cybersecurity firm, said it discovered dozens of systems compromised across two waves of attacks—one on Friday afternoon and another early Saturday.

“Once inside, [attackers] can access all SharePoint content, system files, and configurations and move laterally across the Windows Domain,” Eye Research wrote in a report. “Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network.”

The Cybersecurity and Infrastructure Security Agency, or CISA, said it was aware of the attacks and recommended SharePoint customers either configure security protections or, if not possible, entirely disconnect affected products.

Major cybersecurity stocks were rising Monday, with CrowdStrike Holdings up 1.6%, Palo Alto Networks rising 1.8%, and Zscaler up 0.2%.

Write to Nate Wolf at nate.wolf@barrons.com