Microsoft Rushes to Stop Global Attack on SharePoint Servers | Sync Up


New vulnerabilities in the on-premise version of Microsoft SharePoint are letting hackers break into business networks without a password. We’ll break down the exploit and how to keep your team protected as we sit down and sync up with Rocket IT’s weekly technology update.

In this episode, you’ll hear more about:

  • What SharePoint does and why teams rely on it
  • Why on-premise servers running SharePoint are exposed
  • How hackers are now able to pose as real users
  • How attackers have been able to remain inside systems, despite efforts to remove them
  • Signs to check to see if attackers were in your system
  • How to patch SharePoint and extra cleanup

Video Transcript

For those who have never used SharePoint, think of it as a central hub to store files, collaborate, and communicate with teammates. Organizations can choose to deploy SharePoint via the cloud, or run it on their own on-premise servers. And while either is typically a viable option, the on-premise version of SharePoint is currently being exploited to give hackers access to business networks and the data held inside.

Now, this most recent exploit was discovered by the team at Eye Security. Through their research, the team found that cybercriminals were able to gain complete control over SharePoint, without even needing a username or password.

To accomplish this, hackers use a security flaw to secretly upload malicious files to a SharePoint server. These files allow them to impersonate real employees or services, so it’s pretty easy for the culprits to go unnoticed. Once inside, they can grab sensitive data like passwords, financial information, or confidential documents.

Even worse, because SharePoint connects to other key apps like Outlook, Teams, and OneDrive, attackers can easily spread through the company’s entire digital environment. And, before the vulnerability was officially discovered, patching or rebooting impacted servers did little to remove the attackers who had found their way inside.

That said, Microsoft is now fully aware of these ongoing attacks and has released emergency patches designed to close the exploit. If you’re using SharePoint Subscription Edition or SharePoint 2019, there’s a patch available right now. However, companies using SharePoint 2016 are still waiting for an update. Also, again, please keep in mind that these updates only apply if you’re running SharePoint via an on-premise server. Organizations running the cloud version of the application aren’t impacted.

But, even if you apply Microsoft’s patch, there’s still more to do. Because attackers have stolen important digital keys from servers, your IT team needs to take extra steps. Specifically, they must rotate what’s called the machine keys, which are basically digital IDs that must be changed to lock out hackers who have already broken in.

Also, to know if your organization has been compromised, your IT team should look for signs like suspicious file uploads or unusual server logs. And, even if things seem okay, experts recommend still rotating those keys just to be safe.

Now, if you’re feeling overwhelmed, just know that you don’t have to tackle this alone. A trusted IT partner, like Rocket IT, can simplify your response, secure your business faster, and make sure you’re protected moving forward. For those wanting peace of mind, contact Rocket IT using the link in this video’s description and we’ll help you get started. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.
