The Cybersecurity and Infrastructure Security Agency has issued an alert warning of four Microsoft SharePoint vulnerabilities being exploited by cyber threat actors. CISA said the vulnerabilities affect all supported on-premises versions of SharePoint Server, including the Subscription Edition, 2019 and 2016. Threat actors can establish remote code execution and perform other actions to deploy malware. CISA said organizations should monitor SharePoint Servers closely for any signs of exploitation or unusual activity. An additional vulnerability was found, but it is not yet known to have been exploited. Microsoft identified it as a potential risk if it is left unpatched. CISA urged organizations to apply the latest patches and security updates from Microsoft, among other recommendations. 

“Nearly everyone using Microsoft products is using SharePoint, the backbone of the Office suite,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Hospitals with their SharePoint instances housed on premises should pay particular attention to this alert. The common vulnerabilities and exposures listed in the report have patches available, and they should be deployed as soon as possible. Hospitals should also verify that the security measures mentioned are in place.” 

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org, or John Riggi, AHA national advisor for cybersecurity and risk, at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity
 

Headline
The White House July 14 announced the establishment of Gold Eagle, a clearinghouse to enhance cybersecurity for critical infrastructure entities that will…
Headline
The Centers for Medicare & Medicaid Services, the Centers for Disease Control and Prevention, and the Department of Health and Human Services July 15…
Headline
The Cybersecurity and Infrastructure Security Agency and other U.S. and international agencies released a joint advisory July 13, warning of Russian cyber…
Headline
The Cybersecurity and Infrastructure Security Agency July 1 announced the formation of a new advisory body intended to foster collaboration, coordination…
Headline
Leaders of the Five Eyes cybersecurity agencies, consisting of Australia, Canada, New Zealand, the United Kingdom and the United States, released a joint…
Headline
President Trump issued a memorandum June 12 on cybersecurity governance for national security systems used by federal agencies. The memo re-establishes and…