The Center for Cybersecurity Belgium (CCB) warns organisations about serious vulnerabilities in Microsoft SharePoint Server. This vulnerability allows attackers to execute remote code on unpatched SharePoint servers. This means that malicious actors can use it to gain unauthorised access to systems. This vulnerability is already being actively exploited.
We are treating the recently discovered SharePoint vulnerability as a high priority. Our teams are actively reaching out to Belgian companies that may have been affected by this critical security issue. A patch is available for Microsoft SharePoint Server Subscription Edition and Microsoft SharePoint Server 2019 to address this vulnerability. The CCB strongly recommends installing the security updates as soon as possible. Microsoft's advisory describes how to do this.
Who is at risk?
Organisations using the following on-premises SharePoint products are affected:
- Microsoft SharePoint Server Subscription Edition
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server 2016
What should you do?
If your organisation uses these SharePoint products, we strongly advise you to:
- Immediately apply the emergency security patches released by Microsoft. These updates are designed to close the vulnerability and prevent exploitation.
- Check your systems for signs of compromise. If you suspect that your SharePoint environment has been breached, take action quickly.
More information
You can find our full technical advisory here: Emergency Patch for Exploited SharePoint Vulnerability.
Follow the updates on the CCB website.
Report an incident
Report any incidents to the CCB via our official incident reporting form.
The CCB is committed to protecting Belgian organisations from cyber threats. We will continue to monitor the situation closely, provide updates as needed and contact potential victims.