Earlier this week, we warned organisations about serious vulnerabilities in Microsoft SharePoint. This vulnerability allowed attackers to remotely execute code on unpatched SharePoint servers. This meant that malicious parties could use it to gain unauthorised access to systems. The vulnerability was already being actively exploited at the time.
During the week, we were able to identify around 35 organisations that were potentially vulnerable because they were using the affected versions of Microsoft SharePoint. We contacted them personally and received the following feedback:
- Two organisations discovered a successful intrusion attempt but were able to stop the attack in time. The consequences were very limited.
- One organisation reported an interruption in its daily operations because SharePoint was temporarily taken out of service as a precautionary measure.
- Five organisations reported that they had detected effective attempts to attack them, but thanks to appropriate precautions, everything was successfully blocked.
Overall, it appears that Belgian organisations responded to this threat in a timely and appropriate manner.