Microsoft has issued a high-priority security alert over ongoing cyberattacks targeting its SharePoint server software. The company urged affected users to apply critical security updates immediately to prevent further exploitation.
The company revealed that the vulnerability impacts only on-premises SharePoint servers used within organisations for internal document sharing. Microsoft clarified that SharePoint Online, the cloud-based version included in Microsoft 365, remains unaffected by the attacks.
In its advisory issued on Saturday, Microsoft warned that the flaw enables an authorised attacker to carry out spoofing attacks across a network. These attacks can allow malicious actors to impersonate trusted individuals or systems, potentially compromising sensitive operations.
Spoofing attacks can have wide-ranging consequences, including unauthorised access to internal systems or the manipulation of data and communications. By disguising themselves as legitimate sources, attackers can evade detection and cause significant operational disruptions.
The incident has been identified as a “zero-day” attack, meaning it exploited a vulnerability that was previously unknown to Microsoft or cybersecurity researchers. According to The Washington Post, which first reported the breach, both US and international government agencies and businesses have been targeted in recent days.
Reports noted the FBI confirmed that it is aware of the ongoing attacks and is coordinating with federal agencies and private sector partners. However, it did not disclose further details on the identity of the attackers or the extent of the breach.
Microsoft responded by releasing a security update for SharePoint Subscription Edition and is currently working on patches for SharePoint 2016 and 2019. Organisations unable to apply the recommended protections are advised to disconnect affected servers from the internet until fixes become available.
(Source: Reuters, The Washington Post)
