Microsoft Warns Businesses and Governments of Server Software Cyberattack

Microsoft has issued an alert about ongoing "zero-day" cyberattacks targeting on-premise SharePoint servers used by governments and businesses to share documents internally. The cloud-based SharePoint Online in Microsoft 365 is unaffected. Hackers exploited a previously unknown vulnerability, putting tens of thousands of servers at risk. The FBI is aware and collaborating with partners. Microsoft stated the flaw allows attackers to perform spoofing over networks, posing as trusted entities. A security update has been released for SharePoint Subscription Edition, with patches for 2016 and 2019 versions underway. Customers are urged to apply updates or disconnect affected servers from the internet immediately.