The Cybersecurity and Infrastructure Security Agency updated its alert on vulnerabilities in Microsoft SharePoint servers to reflect newly released information as threat actor tactics, techniques, and procedures continue to evolve.
Details: CISA said the update contains additional information on the deployment of ransomware, new webshells involved in exploitation, and enhanced detection guidance.
Background: On July 19, Microsoft published a blog post addressing active attacks against on-premises SharePoint servers that exploit a spoofing vulnerability. The exploit chain, publicly reported as “ToolShell,” enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.
Microsoft Recommendations: Microsoft recommends customers use supported versions of on-premises SharePoint servers with the latest security updates and enable Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus (or equivalent solutions) for all on-premises SharePoint deployments.
ICBA Resources: Additional cybersecurity resources for community bankers are available on ICBA’s Cyber and Data Security Center.