The first organization that announced this SharePoint vulnerability was Eye Security, which revealed this bug on Saturday, stating that a high number of online servers were used by hackers to steal digital keys directly from SharePoint. The interesting part is that they didn’t need the user's credentials to log in, so after they easily connected, they had the chance to access private documents and files.
This situation is also known as a zero-day SharePoint attack, mostly because all the issues were publicly announced exactly when they were discovered. So, Microsoft didn’t have the spare time to try and resolve this bug before it became public. The Microsoft zero-day bug also affects the older versions, including SharePoint Server 2016.
It’s important to mention that hackers can take advantage of this zero-day Microsoft bug and try to steal different types of data, collect users' passwords, and even look through all the network services that are connected to the Microsoft SharePoint server, such as OneDrive, Outlook, and Teams.
Microsoft released some fixes very recently for SharePoint 2019, and for those who have a SharePoint Subscription Edition, in order to make sure that all their data is protected from hackers. The only server that remains to receive a fix is SharePoint 201, but according to Microsoft, it is making great efforts to solve this problem.
The giant Microsoft has not yet discovered who is behind all these SharePoint attacks, considering the company has reported multiple attempts at an attack by hackers.
Stay tuned for more updates!
