Microsoft knew of SharePoint server exploit but failed to effectively patch it

By James Pearson

LONDON (Reuters) - A security patch released by Microsoft (MSFT) last month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation.

It remains unclear who is behind the ongoing operation, which targeted about 100 organisations over the weekend. But Alphabet's Google, which has visibility into wide swathes of internet traffic, said it tied at least some of the hacks to a "China-nexus threat actor".

The Chinese Embassy in Washington did not respond to a Reuters request for comment. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations.

Contacted on Tuesday, Microsoft was not immediately able to provide comment on the patch and its effectiveness.

The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro, which offered cash bounties for the discovery of computer bugs in popular software.

It offered a $100,000 prize for "zero day" exploits - so called because they leverage previously undisclosed digital weaknesses - that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.

A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it 'ToolShell' and demonstrated a method of exploiting it.

The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative". A spokesperson for Trend Micro did not immediately respond to Reuters' requests for comment regarding the competition on Tuesday.

Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.

Around 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers.

"Threat actors subsequently developed exploits that look to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.

The pool of potential ToolShell targets remains vast.

According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
