Microsoft has issued an urgent warning about active attacks targeting its server software used by government agencies and businesses for internal file sharing. The company advises customers to apply the security update immediately. The FBI is aware of these attacks and is collaborating with federal and private sector partners, though further details have not been disclosed.
According to Microsoft's alert, the vulnerabilities affect only SharePoint servers used internally by organizations. SharePoint Online, part of Microsoft 365, remains unaffected. Recent reports indicate that unidentified hackers have exploited a previously unknown vulnerability, launching attacks on U.S. and international agencies and businesses. This type of "zero-day" attack poses a risk to thousands of servers.
Microsoft explained that the vulnerability allows authorized attackers to perform spoofing on the network. The company has provided guidance on preventing these exploits, as spoofing attacks enable attackers to impersonate trusted entities, potentially manipulating financial markets or institutions.
The company has released a security update for SharePoint Subscription Edition and urges users to apply it immediately. Updates for SharePoint 2016 and 2019 are also underway. If customers cannot enable the recommended malware protection, they should disconnect their servers from the internet until the security updates are available.