New Delhi, July 21 || Tech giant Microsoft has issued urgent security patch after observing "active attacks" on server software used by government agencies and businesses to share documents within organisations.
According to Microsoft, the vulnerabilities apply only to SharePoint servers used within organisations. SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks, the organisation informed.
“Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” said the tech giant in ints security advisory.
The company recommended security updates that customers should apply immediately.
The US Federal Bureau of Investigation (FBI) also said it is aware of the attacks and is working closely with its federal and private-sector partners.
The vulnerability is related to a case of remote code execution that arises due to the deserialization of untrusted data in on-premise versions of Microsoft SharePoint Server.
Microsoft said the current published content is correct and that the previous inconsistency does not impact the company's guidance for customers.
"After applying the latest security updates above or enabling AMSI, it is critical that customers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers," Microsoft said.