Microsoft has issued a high-priority security alert warning of active cyberattacks targeting on-premises SharePoint server software, which is widely used by government agencies and businesses for internal document sharing and collaboration. According to Microsoft, the cloud-based SharePoint Online, a part of Microsoft 365, is not affected by these attacks.
The alert, released on Saturday, emphasized that attackers are exploiting a previously unknown vulnerability, a type of threat known as a "zero-day." These attacks are especially dangerous because they occur before the software vendor becomes aware of the flaw, leaving systems defenseless until a patch is issued. This particular vulnerability, Microsoft says, allows an authorized attacker to perform spoofing over a network, enabling them to impersonate trusted users, organizations, or websites. Spoofing can have serious consequences, including unauthorized access, financial manipulation, or the disruption of sensitive operations.
The Washington Post first reported the hacks, saying that unidentified malicious actors have recently exploited the flaw to attack U.S. and international government agencies and businesses. Although no specific attackers or affected organizations have been publicly named, the report states that tens of thousands of servers could be at risk globally.
On Sunday, the Federal Bureau of Investigation (FBI) confirmed that it is aware of the situation and is actively working in coordination with its federal partners and the private sector to investigate and mitigate the issue. However, the FBI did not disclose further details on the scope or impact of the attack.
Microsoft has taken urgent steps to contain the threat. It has released a security update for SharePoint Subscription Edition and strongly advised all affected customers to install it without delay. The company is currently developing patches for SharePoint 2016 and SharePoint 2019, which are also vulnerable to this exploit.
In the interim, Microsoft has offered critical guidance for organizations that may not yet be able to apply the patch or enable recommended malware protection. It advises these customers to disconnect affected servers from the internet to prevent further exposure until security updates become available.
The company's alert underlines the importance of rapid action to prevent further exploitation, particularly given the widespread use of SharePoint in managing sensitive data across multiple sectors. While Microsoft has not publicly commented beyond the security alert, the urgency of its response reflects the potential seriousness of the threat.
Organizations using on-premises SharePoint installations are urged to remain vigilant, apply patches immediately when available, and monitor their systems for any suspicious activity. Given the nature of the spoofing vulnerability, even authorized users on a network could be used as vectors for exploitation, making the risk especially challenging to contain without swift preventative measures.
This incident once again highlights the critical importance of timely software updates, layered security defenses, and collaboration between the public and private sectors to defend against increasingly sophisticated cyberattacks targeting enterprise infrastructure.