Microsoft flags ongoing attacks on SharePoint servers widely used by goverments and businesses, urges immediate security fixes

Microsoft has issued a security warning over ongoing cyberattacks targeting its SharePoint server software, which is widely used by government agencies and businesses for internal document sharing. The company is advising customers to apply patches immediately to avoid exploitation.

In an alert published on Saturday, Microsoft confirmed that the attacks are active and impact only on-premise SharePoint servers. Cloud-based versions, such as SharePoint Online within Microsoft 365, are not affected. The company said the flaw enables a vulnerability that “allows an authorised attacker to perform spoofing over a network.”

Spoofing attacks involve disguising malicious activity to appear as if it originates from a trusted source, potentially enabling hackers to manipulate data or gain unauthorised access to systems.

The breach was first reported by The Washington Post, which noted that attackers had launched a “zero-day” exploit, meaning the vulnerability was previously unknown and unpatched. The report said the flaw had been used to target both US and international agencies and businesses. Cybersecurity experts estimate tens of thousands of servers could be at risk.

The FBI said in a statement on Sunday that it is aware of the attacks and is coordinating closely with other federal agencies and private partners. No further details were provided.

In response, Microsoft has released a security update for the SharePoint Subscription Edition and is actively working on updates for SharePoint 2016 and 2019. It advised organisations that cannot implement malware protection to disconnect their servers from the internet until a security patch becomes available.

Microsoft has not commented further on the nature or origin of the attacks.