Microsoft fixes three SharePoint zero-day exploits used in series of cyberattacks - how to patch them

Microsoft has addressed three critical zero-day vulnerabilities in its SharePoint platform that were actively exploited by Chinese state-sponsored threat actors. The vulnerabilities, which allowed attackers to gain remote code execution on targeted systems, were used in a series of cyberattacks. Microsoft has attributed the exploitation of these flaws to three different Chinese hacking groups: Hafnium, Abouqtr, and Vikingm0d. The tech giant has released security updates to patch the vulnerabilities and urges users to apply the patches as soon as possible to protect their systems. The three zero-day vulnerabilities, tracked as CVE-2023-21712, CVE-2023-21715, and CVE-2023-21723, were discovered and addressed by Microsoft. The company has not provided details on the specific attacks or the targets, but it has emphasized the importance of applying the security updates to mitigate the risks posed by these exploits.