22 July 2025

Microsoft Warns of Ongoing Attacks Linked to SharePoint File Sharing Software Vulnerability

Microsoft has issued a warning regarding “active attacks” targeting server software utilized by government agencies and businesses for document sharing within organizations. The company has recommended that customers apply security updates immediately. The FBI acknowledged awareness of these attacks and confirmed its collaboration with federal and private-sector partners, although no further details were provided. In a Saturday alert, Microsoft clarified that the vulnerabilities specifically affect SharePoint servers deployed within organizations, while SharePoint Online, part of Microsoft 365 hosted in the cloud, remains unaffected.

A Microsoft spokesperson noted, “We’ve been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners globally throughout our response.” The company stressed the importance of installing the security updates it has issued. The Washington Post reported that unidentified actors exploited a vulnerability to conduct attacks targeting U.S. and international agencies and businesses over the past few days. This type of attack is referred to as a “zero day” because it exploits a previously unknown vulnerability. Experts have indicated that tens of thousands of servers could be at risk.

In its alert, Microsoft described a vulnerability that “allows an authorized attacker to perform spoofing over a network,” and provided recommendations to prevent the exploitation of this flaw. In a spoofing attack, an attacker disguises their identity to appear as a legitimate entity, which can be used to manipulate financial markets or government agencies. Microsoft also announced that it is developing updates for the 2016 and 2019 versions of SharePoint. For those who cannot enable the recommended malware protection, the company advised disconnecting servers from the internet until a security update is made available.