Microsoft has raised an alert about ongoing cyberattacks targeting SharePoint servers used by businesses and government agencies to manage and share internal documents. These attacks do not affect SharePoint Online (the cloud-based version in Microsoft 365); they affect on-premises servers hosted within organizations.
The issue involves a zero-day vulnerability, meaning hackers are exploiting a security flaw that was previously unknown. According to experts, this type of attack can be particularly dangerous, and tens of thousands of servers may be at risk.
Microsoft confirmed that attackers are using the flaw to carry out spoofing attacks, where cybercriminals disguise themselves as trusted entities to access sensitive systems or data. This could allow them to mislead users or systems into trusting malicious actions.
In response, Microsoft has:
- Released an immediate security patch for SharePoint Subscription Edition.
- Started developing updates for SharePoint 2016 and 2019.
- Urged users to apply the patches right away.
- Suggested that anyone who can't apply security measures disconnect the affected servers from the internet for now.
The FBI is also aware of the attacks and is working alongside government and private partners to investigate the situation, though further details remain undisclosed.
This incident highlights the urgent need for organizations to stay updated with security patches and regularly monitor for unusual activity on internal systems.