News

Microsoft Warns of Global Attacks Targeting SharePoint Servers

Published
Nigora Umarova
Nigora Umarova
International Department Journalist
Microsoft Technology
The company has released patches and is urging all users to apply them without delay
microsoft
Microsoft clarified that only self-hosted SharePoint servers are affected. Photo: Reuters

Microsoft has issued an urgent security warning following a wave of cyberattacks targeting SharePoint servers used by government bodies and businesses to manage internal document sharing. The attacks have exploited a critical vulnerability in on-premises SharePoint software, prompting the tech company to release immediate security updates, Reuters reports.

The FBI confirmed on Sunday that it is aware of the attacks and is collaborating with federal and private-sector partners, although further details were not disclosed. Microsoft clarified that only self-hosted SharePoint servers are affected — the cloud-based SharePoint Online, part of Microsoft 365, remains secure.

On-Premises Servers at Risk from «Zero-Day» Exploit

«We’ve been working closely with CISA, the Department of Defense Cyber Defence Command and international cybersecurity partners as part of our response,» a Microsoft spokesperson stated.

The company has released patches and is urging all users to apply them without delay.

According to The Washington Post, which first reported the breach, the attacks unfolded over recent days and involved a previously unknown flaw, making this a so-called «zero-day» exploit. Cybersecurity experts warned that tens of thousands of servers could be exposed. The attackers reportedly used the flaw to conduct spoofing — a method that allows them to impersonate legitimate users or systems within a network.

Microsoft explained that the flaw permits a valid but malicious user to conduct spoofing operations across a network. These types of attacks can have serious consequences, including the manipulation of information, unauthorised access or the disruption of essential services.

The company is also working to provide security updates for older versions of SharePoint, including the 2016 and 2019 releases. In the meantime, it strongly advises organisations unable to implement malware defences to disconnect vulnerable servers from the internet until updates can be installed.

Kursiv earlier wrote on how Microsoft became a tech empire after starting as a small garage startup.

Related Materials
Microsoft Eyes $4 Trillion Valuation Amid AI and Cloud Boom
Microsoft: From a Garage Startup to a Tech Empire
Read also