Microsoft has issued emergency security patches for zero-day vulnerabilities in its SharePoint work management software that have led to data theft through spoofing attacks. The patches apply to on-premises SharePoint servers, not the cloud-based version. The vulnerabilities were exposed by Eye Security and have already led to multiple systems being compromised.

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about ToolShell, the chain used in the attacks, which allows malicious actors to access SharePoint content, execute code over the network, and compromise systems. Microsoft’s SharePoint software is used by over 200,000 organizations and 190 million users, but the vulnerability affects only the on-premises version.

In the past, Microsoft has faced criticism for security lapses, including a Windows 10 vulnerability introduced by a security update and scrutiny from the US Congress in 2024 for security vulnerabilities. This latest incident adds to the company’s history of security concerns, impacting governments, businesses, and universities worldwide.

Read more at Cointelegraph: Microsoft Pushes Emergency Patches for SharePoint Amid Exploit