Laboratories that aren’t already patching their SharePoint Server installations need to start doing so after a widespread hack.
On Sunday, Microsoft released an emergency security update to patch a vulnerability in its on-premises SharePoint Server product (SharePoint Online in Microsoft 365 is unaffected). Cyberattackers have already exploited the vulnerability to breach US government agencies, universities, and more, KrebsOnSecurity reports.
For research organizations and laboratories running their own SharePoint Servers, it’s imperative that lab managers and IT work together to back up vital data and install the patch or, if the patch cannot yet be applied, disconnect the affected hardware from the internet, as advised by Microsoft in its customer guidance release. The guidance may be updated as the situation develops and additional patches for different versions of SharePoint are released.
The scope of the vulnerability and next steps for lab managers
According to Brian Krebs, independent security reporter and founder of KrebsOnSecurity, the vulnerability has enabled attackers to fully access SharePoint Servers. The objective of these attacks was to steal SharePoint server ASP.NET machine keys, which are used to encrypt and decrypt data. Armed with these keys, attackers could appear legitimate to SharePoint Servers and run malicious commands on them later.
Researchers at Eye Security, who first saw a large-scale exploit occur on July 18, emphasize that installing the security patch alone isn’t sufficient: “It is critical that affected servers rotate SharePoint Server ASP.NET machine keys and restart IIS [Microsoft’s web server software] on all SharePoint Servers. Patching alone is not enough.” Lab managers should work with their organization’s IT department to roll out new machine keys and restart the IIS web server hosting SharePoint, as well as back up critical data stored in SharePoint.
Additional takeaways
While lab managers may not have ultimate authority over their lab’s IT and security, they are still accountable for adhering to security best practices and understanding where threats may arise in their lab’s digital infrastructure. Lab managers should know all the software their lab uses and remain vigilant by ensuring their workstations, instruments, and IoT devices are up to date at all times.
Furthermore, lab managers should pay close attention to how well equipped vendors are to help them address security vulnerabilities. After this SharePoint exploit was found, Microsoft worked quickly to develop and release security updates to neutralize it. Other service providers may not have that same agility, particularly if the software is obscure and not actively maintained by the original developers.










