Microsoft Warns of Active Cyberattacks on SharePoint Servers

Key Takeaways:

  • Microsoft confirms attacks targeting on-premises SharePoint servers via a zero-day flaw.
  • Cloud-based SharePoint Online remains unaffected.
  • Immediate patching advised; FBI is monitoring the situation.

Microsoft Alerts Organisations to SharePoint Vulnerability

Microsoft has issued a critical security alert following active cyberattacks on its SharePoint server software used widely by governments and businesses for internal document sharing. The company has urged customers to apply the latest security update without delay.

The vulnerability, described as a zero-day, affects only SharePoint servers hosted within organisations, not SharePoint Online hosted on Microsoft 365. The FBI is also aware of the breach and is coordinating with federal and private sector partners.

What Is at Risk

The flaw enables attackers to perform “spoofing” attacks. In such attacks, malicious actors disguise themselves as trusted users or systems to gain access or manipulate data. Microsoft stated the issue could allow an authorised attacker to impersonate other users over a network.

Security experts believe the flaw has already been used to target several US and international agencies and businesses. Tens of thousands of servers could be vulnerable if left unpatched.

Microsoft’s Response and Recommendations

Microsoft issued a patch for SharePoint Subscription Edition and said updates for the 2016 and 2019 versions are in progress. Organisations that are unable to deploy the update or enable recommended malware protection are advised to disconnect affected servers from the internet as a precaution.

The alert also advised IT teams to follow standard mitigation practices, such as monitoring suspicious traffic and ensuring server-level security configurations are current.

Microsoft has not commented further but is continuing to assess the situation.

Implications for IT Teams and Vendors

The incident highlights the security risks associated with on-premises software infrastructure, particularly for large organisations and government agencies. While cloud platforms tend to benefit from faster, centralised updates, local servers require manual patching and proactive risk management.

IT vendors and rental providers supporting businesses with SharePoint deployments should act quickly to assess exposure, assist clients with patching, and update incident response plans.

As cyberattacks targeting enterprise tools increase in frequency and sophistication, system administrators will need to balance the benefits of on-premises control with the speed and scalability of cloud-based security updates.
