REDMOND, Washington — Microsoft (MSFT.O) has issued an urgent alert regarding “active attacks” targeting its SharePoint server software, which is widely utilized by government agencies and businesses for internal document sharing. The company strongly recommends that customers apply immediate security updates to mitigate the threat.
The Federal Bureau of Investigation (FBI) acknowledged awareness of the ongoing attacks on Sunday, stating it is collaborating closely with its federal and private-sector partners, though no further details were provided.
In an alert disseminated on Saturday, Microsoft clarified that the vulnerabilities exclusively affect SharePoint servers deployed within organizations. The company confirmed that its cloud-based service, SharePoint Online in Microsoft 365, has not been impacted by these attacks.
“We’ve been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson stated, reiterating the company’s issuance of security updates and urging immediate installation by customers.
The Washington Post, which initially reported on the breaches, indicated that unidentified actors had exploited a previously unknown flaw in recent days to launch an attack specifically targeting U.S. and international agencies and businesses.
Experts cited by the newspaper characterized the incident as a “zero-day” attack, referring to its exploitation of a vulnerability that was previously unknown to the software vendor. Tens of thousands of servers were reportedly at risk.
Also Read: US warns citizens of ‘intrusive’ new cyber security law in Zambia
Microsoft’s alert detailed that a vulnerability “allows an authorized attacker to perform spoofing over a network.” The company provided recommendations aimed at preventing attackers from exploiting this flaw.
In a spoofing attack, malicious actors can manipulate entities like financial markets or agencies by concealing their true identity and impersonating a trusted individual, organization, or website.
Earlier, Microsoft had announced its work on updates for the 2016 and 2019 versions of SharePoint. The company further advised that if customers are unable to enable the recommended malware protection, they should disconnect their servers from the internet until a security update becomes available.
