Microsoft Issues Urgent Alert on SharePoint Server Zero-Day Attack
Microsoft has issued a critical security alert warning businesses and government agencies of active zero-day attacks targeting SharePoint Server software used for internal document sharing. The company urged all affected users to apply recommended security updates immediately to prevent further exploitation.
Zero-Day Exploit Puts Tens of Thousands of Servers at Risk
According to Microsoft, the ongoing cyberattacks are exploiting a previously unknown vulnerability in on-premises SharePoint Server versions, primarily 2016 and 2019. The company clarified that SharePoint Online, which is part of the Microsoft 365 cloud suite, is not affected by the exploit.
The attack is classified as a “zero-day” event, meaning hackers exploited the flaw before a patch or fix was publicly available. Microsoft confirmed that the vulnerability allows authorised attackers to perform spoofing over a network, posing as trusted users or systems.
“We’ve been coordinating closely with CISA, DOD Cyber Defense Command, and key global cybersecurity partners throughout our response,” a Microsoft spokesperson said.
FBI and Federal Agencies Respond
The FBI acknowledged the threat in a statement on Sunday, confirming that it is working with federal and private-sector partners to investigate and mitigate the breach. Details of the attack and its perpetrators remain undisclosed.
The Washington Post, which first reported the breach, said the hackers had targeted U.S. and international agencies, as well as businesses, in a widespread and highly coordinated effort.
What Is a Spoofing Attack?
In a spoofing attack, threat actors impersonate legitimate users, systems, or services. This can lead to data theft, unauthorised system access, or manipulation of critical operations within an organisation, especially in the government or financial sectors.
Microsoft’s Urgent Recommendations
Microsoft strongly advised all organisations using on-premises SharePoint servers to do the following:
- Apply the latest security updates immediately
- Enable advanced malware protection tools
- Disconnect servers from the internet if the updates or protections cannot be applied
- Monitor systems for suspicious network activity
The company is currently developing updates for SharePoint 2016 and 2019 to address the flaw more comprehensively.
Conclusion
With tens of thousands of enterprise servers at risk, Microsoft’s alert underscores the growing threat posed by zero-day vulnerabilities in enterprise IT systems. Businesses and agencies are urged to take swift action to secure their SharePoint environments against potential data breaches and spoofing attacks.