Microsoft Server Software Under Attack

Microsoft Server Software Under Attack

21 July 2025

Microsoft has issued an alert regarding active exploits targeting server software used by businesses and government organisations for internal document sharing. The vulnerability affects on-premises SharePoint servers, but not the cloud-based SharePoint Online in Microsoft 365. The attackers are exploiting a flaw to perform spoofing attacks over a network. This allows malicious actors to mask their identities and impersonate trusted entities.

Microsoft has released a security update for SharePoint Subscription Edition and is developing updates for the 2016 and 2019 versions of SharePoint. In the interim, if recommended malware protection cannot be enabled, Microsoft advises customers to disconnect their servers from the internet. The FBI is aware of the attacks and is collaborating with federal and private sector partners.

Security researchers have observed active exploitation of the vulnerability, with threat actors installing webshells and exfiltrating cryptographic secrets. This enables persistent, unauthenticated access, posing a significant risk to affected organisations. Enterprises running SharePoint servers should proactively hunt for compromises.

AI generated content may differ from the original.

Published on 21 July 2025
microsoftsharepointsecurityvulnerabilityattack
  • Microsoft Bans DeepSeek App

    Microsoft Bans DeepSeek App

    Read more about Microsoft Bans DeepSeek App
  • Microsoft Launches Recall Tool

    Microsoft Launches Recall Tool

    Read more about Microsoft Launches Recall Tool
  • UK Grapples with Encryption

    UK Grapples with Encryption

    Read more about UK Grapples with Encryption
  • Microsoft Halts China-Based Engineering

    Microsoft Halts China-Based Engineering

    Read more about Microsoft Halts China-Based Engineering