Microsoft has issued an urgent security alert regarding “active attacks” targeting SharePoint server software used by government agencies and private businesses to share documents internally. The tech giant is urging affected customers to apply recommended security updates immediately.
The FBI confirmed on Sunday that it is aware of the attacks and is working closely with federal and private-sector partners, though it did not release further details.
In a security advisory issued Saturday, Microsoft clarified that the vulnerabilities apply specifically to on-premises SharePoint servers. SharePoint Online, the cloud-based version included in Microsoft 365, is not affected.
According to The Washington Post, which first reported the incident, unidentified actors exploited a previously unknown flaw—known as a “zero-day” vulnerability—to launch attacks targeting U.S. and international agencies and organizations. Cybersecurity experts say tens of thousands of servers could be at risk.
Microsoft stated that the vulnerability “allows an authorized attacker to perform spoofing over a network,” potentially enabling the attacker to impersonate trusted users or systems. Spoofing attacks can be used to manipulate systems, steal data, or spread malware under the guise of legitimate entities.
The company has released a security update for the SharePoint Subscription Edition and strongly advises customers to implement it immediately. Microsoft is also developing security patches for SharePoint 2016 and 2019 versions.
In the meantime, customers who are unable to activate the recommended malware protection tools are advised to temporarily disconnect affected servers from the internet until patches become available.
Microsoft has not yet responded to media requests for further comment.
Carlo Juancho FuntanillaFrontend Developer, WordPress, Shopify
Contributing Editor
AMA ACLC San Pablo
- Carlo Juancho Funtanilla
- Carlo Juancho Funtanilla
- Carlo Juancho Funtanilla
- Carlo Juancho Funtanilla
