Microsoft publishes emergency patches for its SharePoint software amid attacks
SharePoint’s cloud-based platform remains unaffected, with the vulnerabilities limited to on-premises installations, Microsoft said.
Microsoft has published emergency security patches to protect users from zero-day vulnerabilities affecting its SharePoint work management software, the company said on its website. The vulnerabilities, which have led to spoofing attacks that steal sensitive data and passwords, have impacted governments, businesses and universities worldwide.
“Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” a company blog post published on Sunday read.
The vulnerabilities affect SharePoint software that operates on-premises and not the SharePoint 365 version that runs on the cloud, Microsoft said. The patches Microsoft has released, which are cumulative, are geared toward the “SharePoint Server Subscription Edition,” “SharePoint Server 2019” and “SharePoint Server 2016.”