Microsoft flags ongoing attacks on SharePoint servers widely used by goverments and businesses, urges immediate security fixes

Microsoft has raised a serious security alert regarding active cyberattacks aimed at its SharePoint server software, commonly utilized by governments and businesses for internal document sharing. In light of these threats, the tech giant is urging users to implement patches without delay to prevent potential exploitation. In an announcement released over the weekend, Microsoft indicated that these ongoing attacks are specifically targeting on-premise SharePoint servers, leaving cloud-based services such as SharePoint Online within Microsoft 365 unharmed. The company described a vulnerability that could allow an authorized attacker to execute spoofing attacks across a network. Such spoofing methods can mask malicious activities to make them appear as though they are coming from a legitimate source, which may allow cybercriminals to alter data or illegally access sensitive systems. The Washington Post first reported on this breach, noting that attackers had executed a 'zero-day' exploit—indicating that the flaw was previously undiscovered and unpatched. The report highlighted that this vulnerability appears to have been leveraged against both U.S. and international organizations. Cybersecurity experts are estimating that tens of thousands of servers might be at risk from these attacks. In a statement on Sunday, the FBI acknowledged awareness of the situation and revealed that it is working closely with federal agencies and private sector partners to address the threat, although further details remain sparse. In response to these security concerns, Microsoft has rolled out a security update for the SharePoint Subscription Edition and is currently developing updates for SharePoint 2016 and 2019. The company has also advised organizations unable to implement malware protection to temporarily disconnect their servers from the internet until a suitable security patch becomes available. As of now, Microsoft has not provided additional information regarding the attacks' origins or specifics.