
Microsoft (NASDAQ:MSFT) is warning of “active attacks” targeting its SharePoint server software, used widely by government agencies and businesses to share documents internally.
The company has issued a security patch to “mitigate active attacks targeting on-premises servers” and urged customers to install it immediately to protect against a serious vulnerability.
The attacks, described as “zero-day” exploits, target a previously unknown flaw in on-premises versions of SharePoint—specifically the 2016 and 2019 editions. Microsoft emphasized that its cloud-based SharePoint Online, part of Microsoft 365, is not affected.
In an alert, Microsoft said the vulnerability “allows an authorized attacker to perform spoofing over a network,” meaning an attacker could potentially disguise themselves as a trusted entity to manipulate systems or data. The company advised customers unable to apply the fix right away to disconnect their servers from the internet as a precaution.
The FBI confirmed it is aware of the attacks and is coordinating with federal agencies and private-sector partners. Microsoft said it has been working closely with CISA, the Department of Defense Cyber Defense Command, and global cybersecurity organizations in response to the threat.
According to the Washington Post, which first reported the breach, the hackers exploited the flaw in recent days to target U.S. and international agencies and enterprises. Cybersecurity experts estimate tens of thousands of servers could be at risk.