Microsoft Warns of Active Attacks on SharePoint Servers
Microsoft has issued a critical alert regarding ongoing “active attacks” targeting server software used by government agencies and businesses for internal document sharing. The company has urged customers to apply security updates immediately to mitigate the risks associated with these threats.
The Federal Bureau of Investigation (FBI) confirmed that it is aware of the attacks and is collaborating with federal and private-sector partners. However, the agency has not provided additional details about the nature or scope of the incidents.
In an alert released on Saturday, Microsoft clarified that the vulnerabilities specifically affect SharePoint servers deployed within organizations. It emphasized that SharePoint Online, the cloud-hosted service that is part of Microsoft 365, is not affected by these attacks.
According to The Washington Post, which first reported the incident, unidentified actors have exploited a flaw in recent days to launch attacks targeting both U.S. and international agencies and businesses. These attacks are classified as “zero-day” exploits, meaning they target previously unknown vulnerabilities. Experts suggest that tens of thousands of servers may be at risk.
Microsoft has not yet responded to requests for comment, but the company has outlined steps that users should take to protect their systems. The vulnerability allows an authorized attacker to perform network-based spoofing, potentially enabling them to impersonate trusted entities.
Spoofing attacks can have serious consequences, including manipulation of financial markets or interference with government operations. Attackers can hide their identities and appear as legitimate individuals, organizations, or websites, making such attacks particularly dangerous.
On Sunday, Microsoft released a security update for the SharePoint Subscription Edition. The company strongly advises customers to apply this update as soon as possible. Additionally, Microsoft is working on updates for older versions of SharePoint, specifically the 2016 and 2019 editions.
For organizations unable to enable recommended malware protection, Microsoft has advised disconnecting their servers from the internet until the necessary security updates are available. This precaution is intended to prevent further exploitation of the vulnerability.
Key Recommendations from Microsoft
- Apply the latest security update for SharePoint Subscription Edition immediately.
- Monitor for updates on the 2016 and 2019 versions of SharePoint.
- Enable the recommended malware protection where possible.
- Disconnect affected servers from the internet if protection measures cannot be enabled.
As the situation continues to evolve, organizations are encouraged to stay informed and follow Microsoft’s guidance closely. The company remains committed to addressing the issue and ensuring the security of its users’ data and infrastructure.