
Microsoft Warns Businesses, Governments of Active Attacks on SharePoint Servers

21 Jul 2025

News Synopsis

In a major cybersecurity development, Microsoft has sounded an alarm about “active attacks” targeting its SharePoint server software, widely used by enterprises and government bodies to manage internal document sharing. The alert is of critical importance, especially for organizations running on-premises SharePoint servers, as these systems are now under siege due to a newly discovered zero-day vulnerability.

“Microsoft has issued an alert about ‘active attacks’ on server software used by government agencies and businesses to share documents within organizations, and recommended security updates that customers should apply immediately.”

FBI, Microsoft, and Global Agencies Collaborate to Address Ongoing Threat

The Federal Bureau of Investigation (FBI) confirmed it is actively monitoring the situation. A spokesperson said:

“The FBI said on Sunday it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details.”

According to Microsoft's alert, only on-premises SharePoint servers are affected. Fortunately, SharePoint Online, the cloud-based version included in Microsoft 365, remains unaffected.

“In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.”

Coordinated Global Cybersecurity Efforts Underway

Microsoft Working With CISA, DOD, and Global Cybersecurity Partners

“We’ve been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson said, adding that the company had issued security updates and urged customers to install them immediately.

The Nature of the Threat: A Zero-Day Exploit

According to The Washington Post, which first broke the story, unknown cyber actors had recently exploited a serious software flaw to launch a targeted attack. The nature of this exploit is especially alarming:

“The hack is known as a ‘zero day’ attack because it targeted a previously unknown vulnerability.”

Security experts cited by the newspaper note that tens of thousands of servers may be vulnerable due to the widespread use of SharePoint in both public and private sectors.

Understanding the Exploit: What is a Spoofing Attack?

Technical Breakdown of the Vulnerability

In its security bulletin, Microsoft provided more detail about the specific nature of the exploit:

“In the alert, Microsoft said that a vulnerability ‘allows an authorized attacker to perform spoofing over a network.’ It issued recommendations to stop the attackers from exploiting it.”

What is Spoofing?

A spoofing attack is a form of cyber intrusion where an attacker impersonates a legitimate entity — such as a trusted person, organization, or website — to gain unauthorized access, manipulate data, or deceive users. In high-stakes environments, spoofing can result in financial losses, information leaks, or even manipulation of government systems.

“In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor’s identity and appearing to be a trusted person, organization or website.”

Microsoft Urges Immediate Security Measures

Patch Available for SharePoint 2016 & 2019

Microsoft has already initiated work on fixes for the SharePoint 2016 and 2019 versions. Organizations using these versions are advised to deploy the latest updates without delay.

“Earlier, Microsoft said it is working on updates to 2016 and 2019 versions of SharePoint.”

Disconnect if You Can’t Patch

Microsoft also issued a strong warning for organizations unable to enable the recommended malware protection:

“If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it added.”

Conclusion: A Wake-Up Call for Enterprise Security

This incident serves as a stark reminder of the growing sophistication of cyberattacks and the need for constant vigilance. While Microsoft, the FBI, and global cybersecurity entities coordinate to neutralize the threat, businesses and government agencies must act swiftly to secure their systems, apply patches, and review internal protocols to defend against future intrusions.
