Microsoft today issued an urgent security alert over active cyberattacks on SharePoint servers. Microsoft said the active cyberattacks are targeting on-premises SharePoint server software, commonly used by government agencies and businesses for internal document sharing. The company has urged affected customers to immediately apply security updates to protect their systems.
In a statement, Microsoft clarified that the attacks are limited to self-hosted SharePoint servers, and SharePoint Online. Nonetheless, the cloud-based version available through Microsoft 365 has not been affected.
“We’ve been coordinating closely with CISA, DOD Cyber Defense Command, and global cybersecurity partners in our response,” a Microsoft spokesperson said, emphasizing the importance of installing the newly released security patches without delay.
The FBI confirmed on Sunday that it is aware of the situation and is working alongside both federal agencies and private-sector partners, though it did not provide additional details.
According to The Washington Post, which first broke the story, the cyberattack exploited a “zero-day” vulnerability — a flaw previously unknown to the software vendor — to breach systems across multiple U.S. and international organizations. Experts estimate that tens of thousands of servers may be vulnerable.
Nature of the Vulnerability
Microsoft explained that the flaw “allows an authorized attacker to perform spoofing over a network.” In a spoofing attack, the attacker disguises their identity to appear as a trusted source—such as a familiar website or agency—to deceive the target and gain unauthorized access or manipulate data.
To mitigate the threat, Microsoft has issued detailed technical recommendations and advised that if organizations cannot immediately enable malware protection, they should consider disconnecting vulnerable servers from the internet until updates can be applied.
Versions Affected
Microsoft is actively working on releasing updates for SharePoint 2016 and SharePoint 2019, which are widely used in both public and private sectors. The company stressed the critical nature of the exploit and recommended prioritizing the security of these systems to prevent breaches.
As cyber threats targeting government and enterprise systems become increasingly sophisticated, this latest incident underscores the urgent need for continuous vigilance, timely patching, and collaboration between the public and private sectors to protect digital infrastructure.
