Microsoft has issued a critical alert warning businesses and government agencies of “active attacks” targeting SharePoint server software, a widely used platform for internal document sharing. The tech giant has urged all affected organizations to immediately install newly released security updates to safeguard their systems.
According to Microsoft, the vulnerabilities only impact on-premise versions of SharePoint Server, specifically the 2016 and 2019 editions. SharePoint Online, which is part of Microsoft 365’s cloud services, remains unaffected.
The company disclosed that attackers have been exploiting a previously unknown software flaw, commonly referred to as a “zero-day” vulnerability. This type of flaw is particularly dangerous because it offers no advance warning before it is used maliciously. Experts suggest tens of thousands of servers globally may be at risk.
“A vulnerability allows an authorized attacker to perform spoofing over a network,” Microsoft stated in its Saturday advisory. Spoofing attacks can disguise a malicious actor as a trusted user or organization, enabling unauthorized access or manipulation of sensitive data.
The alert follows a report by The Washington Post, which revealed that unidentified actors had already used the flaw to breach both U.S. and international agencies and businesses. The full extent of the attack remains unclear, though it has prompted swift action from both public and private sectors.
The FBI confirmed it is aware of the attacks and is working in collaboration with federal and private partners to investigate and mitigate the threat. No specific perpetrators or affected organizations have been publicly identified.
Microsoft emphasized its coordination with key cybersecurity partners, including the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense’s Cyber Defense Command, and global counterparts.
“If customers are unable to immediately enable the recommended protections, we strongly advise temporarily disconnecting affected servers from the internet until a security update is applied,” the company said.
This incident highlights ongoing cyber vulnerabilities in critical software infrastructure and underscores the importance of timely security patching and advanced threat detection.
Cybersecurity experts are urging organizations to act without delay. “This is not a theoretical threat, it’s an active exploit. If you’re running SharePoint on-premise and haven’t patched, you could already be compromised,” warned one analyst.
As cyberattacks grow more sophisticated, federal agencies and private companies alike are being reminded that constant vigilance and updated defense strategies remain essential in today’s digital landscape.
Written By Rodney Mbua
