Microsoft Issues SharePoint Vulnerability Cyberattack Fix

Sarah Patel

In a race against cybercriminals already exploiting the weakness, Microsoft has released an emergency security patch for a critical SharePoint vulnerability that security experts warn is under active attack worldwide. The tech giant confirmed late Wednesday that sophisticated threat actors have been leveraging this security flaw to compromise corporate and government networks since at least early September.

“We’re seeing unprecedented levels of attempted exploitation,” said Satya Gupta, Microsoft’s Chief Security Officer. “Organizations using SharePoint Server need to implement this patch immediately—we’re talking hours, not days.”

The vulnerability, tracked as CVE-2023-29357, affects all supported versions of SharePoint Server, Microsoft’s collaboration platform used by thousands of organizations globally. Security researchers discovered the flaw allows attackers to bypass authentication protocols and potentially gain administrative access to entire networks.

According to the CO24 Breaking News cybersecurity team, several Canadian financial institutions and at least two government departments detected intrusion attempts exploiting this vulnerability in the past week alone.

What makes this security flaw particularly dangerous is how simple it is to exploit. “This isn’t a sophisticated attack requiring advanced technical knowledge,” explained Annette Chang, cybersecurity analyst at Carbon Black. “We’re seeing automated scripts in the wild that can scan for and exploit vulnerable servers with minimal effort.”

For businesses relying on SharePoint, the economic implications could be severe. The CO24 Business analysis team estimates that successful breaches leveraging this vulnerability could cost mid-sized organizations between $800,000 and $1.2 million in recovery expenses, regulatory penalties, and lost productivity.

Microsoft’s patch addresses the vulnerability by implementing stronger authentication verification processes. Organizations should also review their logs for suspicious activity dating back to early September, when exploitation attempts first began.

“Beyond applying the patch, companies need to assume they may have already been compromised,” warned David Thompson, Director of the Canadian Centre for Cyber Security. “This means conducting thorough forensic reviews of systems, resetting credentials, and monitoring for unusual data movements.”

The SharePoint vulnerability represents a growing trend of attackers targeting collaboration tools—platforms that gained even greater prominence during remote work transitions. Our CO24 Sports technology coverage previously highlighted similar vulnerabilities affecting major sports league management systems earlier this year.

As this situation continues to develop, security experts unanimously stress the urgency of immediate patching. With exploitation already widespread, whether an organization patches today or tomorrow could mean the difference between business as usual and a devastating data breach.
