What about Typhoon Tea?
Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers
At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond. Two of the crews behind the zero-day attacks are government-backed: Linen Typhoon (aka Emissary Panda, APT27) and Violet Typhoon (aka Zirconium, Judgment Panda, APT31), Microsoft's …
COMMENTS
Wednesday 23rd July 2025 00:31 GMT Anonymous Coward
Design choices
I'm deeply disappointed that a platform like ASP.NET can be breached like this. .NET in itself is one of the most secure platforms around and this leak is solely the result of poor design choices.
From what I've found on the internet it seems the source of this leak is that programming code is being generated based on user input, which in itself is a very bad design decision. In addition the generated code is insufficiently scrutinized and allows miscreants to essentially execute any code they want on the SharePoint server, resulting in a complete take-over.
Software like this makes me want to weep.
Wednesday 23rd July 2025 02:52 GMT Taliesinawen
Re: Design choices
> .NET in itself is one of the most secure platforms around and this leak is solely the result of poor design choices.
Unsafe deserialization in SharePoint’s ASP.NET-based components, inadequate input validation, authentication bypass, remote code execution, unsafe deserialization of untrusted data, improper limitation of a pathname ..
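The weakness classes listed in this reply (unsafe deserialization of untrusted data and improper limitation of a pathname) are generic enough to show side by side. The following is an added example written for this page; it is not code from SharePoint, from Microsoft, or from any commenter, and it does not reproduce the bugs the article is about. The type names, the size and page-size limits and the list-name pattern are assumptions chosen for illustration; it assumes a .NET 7 or later compiler for the `u8` literals.

```csharp
// Added example (hypothetical names, not SharePoint code): a vulnerable
// deserialization pattern beside a hardened one for the same request.
using System;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json;
using System.Text.RegularExpressions;

// The only shape the endpoint is ever meant to accept.
public sealed class ListQuery
{
    public string ListName { get; set; } = "";
    public int PageSize { get; set; }
}

public static class Vulnerable
{
    // BinaryFormatter reconstructs whatever type graph the client encoded.
    // Any gadget chain in the stream runs inside Deserialize, before the
    // caller gets a chance to look at the returned object.
    public static object Load(byte[] untrusted)
    {
#pragma warning disable SYSLIB0011 // BinaryFormatter is obsolete for this reason
        var formatter = new BinaryFormatter();
        using var ms = new MemoryStream(untrusted);
        return formatter.Deserialize(ms);
#pragma warning restore SYSLIB0011
    }
}

public static class Hardened
{
    private static readonly JsonSerializerOptions Options = new()
    {
        PropertyNameCaseInsensitive = true,
        MaxDepth = 8, // assumed limit; bounds parser recursion on hostile input
    };

    // Identifier whitelist (assumed policy) so the value can never be reused
    // as a path segment or query fragment: no separators, no dots, no slashes.
    private static readonly Regex ListNamePattern = new("^[A-Za-z0-9_ -]{1,64}$");

    public static ListQuery Load(ReadOnlySpan<byte> untrusted)
    {
        if (untrusted.Length > 4096)
            throw new InvalidDataException("payload too large");

        // Bind to one concrete type: no type names are taken from the input.
        var q = JsonSerializer.Deserialize<ListQuery>(untrusted, Options)
                ?? throw new InvalidDataException("empty payload");

        if (q.PageSize is < 1 or > 500)
            throw new InvalidDataException("bad page size");
        if (!ListNamePattern.IsMatch(q.ListName))
            throw new InvalidDataException("bad list name");
        return q;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample requests; the second carries a path-traversal attempt.
        var q = Hardened.Load("{\"listName\":\"Invoices\",\"pageSize\":50}"u8);
        Console.WriteLine($"accepted: {q.ListName} / {q.PageSize}");

        try
        {
            Hardened.Load("{\"listName\":\"../web.config\",\"pageSize\":50}"u8);
        }
        catch (InvalidDataException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
    }
}
```

The point of the hardened version is not the JSON library but the shape of the contract: a fixed target type, hard size and depth limits before parsing, and semantic validation of every field after it, so the deserializer never decides which types to instantiate and the caller never forwards an unchecked string into a path.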
Wednesday 23rd July 2025 06:53 GMT Anonymous Coward
Re: Design choices
.NET in itself is one of the most secure platforms around
You can have something secure or you can have Microsoft products. Even after decades of development those choices remain mutually exclusive.
If you want evidence, just look at the Terabytes of fixes you download every Patch Tuesday (and now also in between, again).
Wednesday 23rd July 2025 21:17 GMT Anonymous Coward
Re: Design choices
There are loads of vehicles which never had their Takata airbag explode because they didn't have an accident yet.
You still better replace it with something that doesn't spew shrapnel when it has to work.
Just because you haven't been breached yet doesn't mean you're safe. We pick up on average two Microsoft account breaches a week in our supply chain, typically resulting in phishing email with the payload stored on the breached SharePoint or OneDrive resource of that account to avoid immediate detection by the email filters.
Wednesday 23rd July 2025 06:30 GMT deadlockvictim
Internet connection by default
I'm beginning to think that connection to the Internet by default is a dangerous & foolhardy idea and that it should be quickly phased out.
Why is SharePoint connected to the Internet anyway? It is a domain server. Sever it from the outside world and only connect it when needs be. Download updates manually and run them.
We need to do the same with desktop software and go back to the paradigm of the 1990s, without the modems, horrendously slow speeds and high prices for everything.
Being online all of the time is becoming irresponsible. Go online when needs be and stay offline when you can.
Wednesday 23rd July 2025 10:46 GMT Grunchy
I’m surprised anybody ever put anything worthwhile on sharepoint. (Actually— I’m skeptical it ever happened anywhere in the world.)
To me, everything on a computer is merely a data file; if you want to share data files there’s ftp and nfs (which are a couple possible protocols for accessing a data file off a server).
“Oh, but sharepoint has this elaborate http front end interface, it’s revolutionary!” Yeah it’s a repository of data files. Same as git.
All these schemes, no matter what peculiarities they include, eventually have to give up a data file, which I extract from the “Downloads” folder and catalog somewhere on my ext4 file system, which works and isn’t stupid.
Wednesday 23rd July 2025 15:21 GMT Zippy´s Sausage Factory
OneDrive runs on Sharepoint underneath. Teams runs on Sharepoint underneath.
Let's put it this way - if SharePoint turns out to need enough of a drastic overhaul to cause significant downstream changes, Microsoft is going to have a lot more problems than just a few SharePoint admins getting upset.
Wednesday 23rd July 2025 15:39 GMT Sudosu
SharePoint, is one of those Microsoft products, like Access and Power Platform, that trick business units into rolling out half-assed, highly customized, completely undocumented "applications" that run adequately until the next upgrade where no one is able to figure out how to migrate or upgrade them without spending major dollars.
The demand from the business units to have these new shiny toys (other than Access which was spammed everywhere Office was) deployed immediately so they can save imaginary application development budgets right away is very high (at least in large orgs) and they are often mandated to be rolled out by the higher ups, who cave instead of allowing for a proper analysis including consolidation and proper management of these applications.
Once the person who customized them moves on, the application becomes abandonware, is never touched again as no one knows how it works or can afford to fix them.
Essentially, they are a way of both locking organizations into these products while simultaneously committing to a big spend at later date that no one is aware of until it lands at their feet during a security incident or EOL system upgrade cycle.
I have seen many large orgs with literally, and I hate that term but it applies, tens of thousands of Access Databases ranging back to Access 97 or thousands of SharePoint sites, handed out like candy, that are often used by no-one, or maybe two or three staff.
This is an eDiscovery nightmare as any of you who have been through one of those can attest.
Apparently this is a button issue for me...