A critical flaw in Microsoft SharePoint is being actively exploited by attackers, putting tens of thousands of government and corporate servers at risk of infiltration through spoofing attacks.

The vulnerability affects only on-premises versions of SharePoint, which many organisations use to manage internal documents and communication.

Microsoft confirmed that cloud-based SharePoint Online, part of Microsoft 365, is not impacted.

According to Microsoft’s security alert, the vulnerability “allows an authorised attacker to perform spoofing over a network.”

This type of attack enables an intruder to impersonate a trusted user or system, potentially leading to unauthorised access, manipulation of data, or broader compromise.

The company said it has already released updates and strongly encouraged customers to install them immediately.

For those unable to deploy the necessary malware protection, Microsoft recommended taking servers offline until updates become available for SharePoint 2016 and 2019.

The breach, first reported by The Washington Post, involves a “zero day” exploit—meaning the attackers took advantage of the flaw before Microsoft or security teams were aware of it.

The report noted that unknown actors had already used the vulnerability to target U.S. and international agencies and businesses in recent days.

Microsoft said it is actively working with international cybersecurity partners to mitigate the impact.

“We’ve been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,” Microsoft said.

The Federal Bureau of Investigation confirmed it is monitoring the situation and cooperating with both government and private-sector partners. However, no further details were made public.

As organisations assess their exposure, Microsoft has stressed that immediate action is necessary to prevent further exploitation of vulnerable systems.