Microsoft has issued a critical alert about active cyberattacks targeting its on-premises SharePoint server software, which is widely used by businesses and government agencies to manage internal documents and facilitate collaboration.
In a security advisory released on Saturday, the company warned that attackers are exploiting a previously unknown vulnerability, known as a zero-day flaw, that allows an authorized user to perform spoofing attacks over a network. The cloud-based version of SharePoint, included in Microsoft 365, is not affected.
The alert comes after The Washington Post reported that unidentified threat actors have recently launched attacks aimed at both U.S. and international organizations. Security experts estimate that tens of thousands of servers may be at risk.
The FBI confirmed on Sunday that it is aware of the situation and is working with federal and private-sector partners to address the threat. However, it did not provide specific details about the scope or origin of the attacks.
Microsoft stated that it has released a security update for SharePoint Subscription Edition and strongly urged customers to apply the patch immediately. Updates for SharePoint 2016 and 2019 are still in development. For organizations unable to implement the recommended malware protection, Microsoft advises disconnecting vulnerable servers from the internet until a fix is available.
Spoofing attacks can be used to impersonate trusted sources such as agencies or financial institutions, potentially leading to unauthorized access, data theft, or system manipulation.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Microsoft has not yet issued further comments beyond its public advisory.
