Microsoft confirms active cyberattacks on SharePoint servers

Microsoft has confirmed that its SharePoint server software is under active attack. The issue doesn’t affect cloud-based SharePoint in Microsoft 365, but the on-prem versions, used by many agencies and businesses, are currently exposed.

As first reported by The Washington Post, unidentified hackers recently exploited a flaw in SharePoint’s internal document-sharing system. It’s what security researchers call a “zero-day,” meaning Microsoft didn’t know about the vulnerability before it was used.

SharePoint servers in the crosshairs

This isn’t just a small breach. Experts believe tens of thousands of servers may be vulnerable. The flaw allows someone with access to impersonate legitimate users or systems, known as a spoofing attack, and infiltrate sensitive networks undetected.

Microsoft has issued urgent updates to patch the problem. But for organizations that can’t apply those fixes immediately, the advice is clear: unplug the server from the internet for now.

FBI and defense agencies are on alert

The FBI says it’s aware of the attacks and is coordinating with other federal partners. Microsoft also noted that it’s working closely with the Department of Defense’s Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense’s Cyber Defense Command (DCDC), and global cybersecurity teams.

Older versions, such as SharePoint 2016 and 2019, are being checked for compatibility with the fix. If your team still runs those versions, it’s time to pay attention. Moreover, it’s worth noting that more details about this attack are still unfolding.