Immediate action required:
Vulnerability in SharePoint

The threat situation

The current vulnerability is being actively exploited by attackers to gain access to local SharePoint servers. Non-updated versions are particularly vulnerable. A successful attack could allow attackers to execute unauthorized code on the systems and compromise sensitive company data.

Important steps for IT administrators

IT administrators need to take extra care to protect their SharePoint environments. The following measures should be taken immediately:

ATTENTION! Verification necessary

Due to the systematic exploitation of the vulnerability even before the patches are released, it is absolutely necessary to check for a compromise!

Install the latest security updates:

• Microsoft SharePoint Server Subscription Edition
  • Download Security Update for Microsoft SharePoint Server Subscription Edition (KB5002768) from Official Microsoft Download Center
• Microsoft SharePoint Server 2019
  • Download Security Update for Microsoft SharePoint 2019 (KB5002754) from Official Microsoft Download Center
  • Security Update for Microsoft SharePoint Server 2019 Language Pack (KB5002753)
• Microsoft SharePoint Server 2016
  • Security Update for Microsoft SharePoint Enterprise Server 2016 (KB5002760)
  • Security Update for Microsoft SharePoint Enterprise Server 2016 Language Pack (KB5002759)

Activation of the Antimalware Scan Interface (AMSI)

Enable and configure AMSI for optimized threat detection. This includes the installation of Microsoft Defender Antivirus on all SharePoint servers.

Rotation of ASP.NET machine keys

After installing security updates or activating AMSI, you should rotate the machine keys of your SharePoint servers and restart the IIS server (`iisreset.exe`).

Call to managers

IT managers and decision makers should prioritize the security measures of their teams in order to protect company data. Attacks of this type often have serious consequences for the affected organization.