Microsoft Servers at Risk of New ToolShell RCE Attack
Microsoft has observed three China-based threat actors, Linen Typhoon, Violet Typhoon and Storm-2603, exploiting the SharePoint vulnerabilities.
More details emerged on the ToolShell zero-day attacks targeting SharePoint servers, but confusion remains over the vulnerabilities.
Microsoft is following up and is also releasing a patch for the 2016 edition of SharePoint. Admins should install this immediately.
While all patches against ‘ToolShell’ exploits are now available for on-premises SharePoint Servers, attackers will be looking to utilize the vulnerabilities for months to come, security researchers tell CRN.
Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation-state-backed threat actors.
A new vulnerability dubbed ToolShell is being used to compromise on-premises instances of Microsoft SharePoint servers. Attacks have ranged from highly targeted to opportunistic, based on the value of the company operating the server.
At least 85 servers worldwide have been compromised through a Microsoft service vulnerability that has been used to achieve remote code execution.