Microsoft has issued a critical security alert warning of “active attacks” targeting on-premise SharePoint servers used by government agencies and businesses for internal document sharing. The tech giant urged all affected customers to immediately apply newly released security updates to prevent exploitation.
The U.S. Federal Bureau of Investigation (FBI) confirmed on Sunday that it is aware of the attacks and is collaborating with both federal and private-sector partners to assess the situation, though it declined to share further details.
In its Saturday alert, Microsoft clarified that only on-premise SharePoint servers are affected by the attacks. SharePoint Online, part of the cloud-based Microsoft 365 suite, remains secure and has not been targeted.
According to The Washington Post, which first reported the breach, unknown actors recently exploited a zero-day vulnerability — a previously unknown flaw — to carry out sophisticated cyberattacks on both U.S. and international organizations. Cybersecurity experts estimate that tens of thousands of servers could be at risk.
Microsoft explained that the vulnerability enables network spoofing, where an authorized attacker can impersonate trusted identities over a network. Such spoofing can be used to deceive financial institutions, agencies, or individuals by posing as legitimate entities.
To counter the threat, Microsoft has released a security patch for SharePoint Subscription Edition and strongly advised users to install it immediately. The company is also developing patches for SharePoint 2016 and 2019.
For users who cannot yet implement the recommended security measures, Microsoft advises disconnecting vulnerable servers from the internet as a temporary safeguard.
This latest warning highlights the growing cyber threats facing critical enterprise infrastructure and underscores the urgency of prompt software updates to avoid exploitation.
