Microsoft Warns of Zero-Day Cyberattacks on SharePoint Servers Affecting Governments, Businesses

Microsoft has issued an urgent alert about “active attacks” targeting its SharePoint server software, which is widely used by government agencies and businesses to share documents internally. The company urged customers to immediately install critical security updates to mitigate the risks.

The FBI confirmed it is aware of the cyberattacks and is coordinating with federal and private-sector partners, although specific details were not disclosed. The attacks are reportedly not affecting SharePoint Online users via Microsoft 365, as the cloud-based platform remains secure.

According to Microsoft, the attacks exploit a previously unknown vulnerability in SharePoint servers, a so-called “zero-day” attack, making the threat especially dangerous. The Washington Post, which broke the news, said tens of thousands of servers may be exposed worldwide.

The vulnerability allows an authorized attacker to conduct spoofing over a network. Spoofing attacks involve an attacker disguising themselves as a trusted source, potentially manipulating communications or gaining unauthorized access to sensitive data and systems.

Microsoft is working on patches for SharePoint Server 2016 and 2019 versions. In the meantime, organizations that cannot activate Microsoft’s recommended protections are advised to disconnect affected servers from the internet to prevent potential exploitation until fixes are available.

Source: Reuters