Microsoft has issued an alert regarding active exploits targeting server software used by businesses and government organisations for internal document sharing. The vulnerability affects on-premises SharePoint servers, but not the cloud-based SharePoint Online in Microsoft 365. The attackers are exploiting a flaw to perform spoofing attacks over a network. This allows malicious actors to mask their identities and impersonate trusted entities.
Microsoft has released a security update for SharePoint Subscription Edition and is developing updates for the 2016 and 2019 versions of SharePoint. In the interim, if recommended malware protection cannot be enabled, Microsoft advises customers to disconnect their servers from the internet. The FBI is aware of the attacks and is collaborating with federal and private sector partners.
Security researchers have observed active exploitation of the vulnerability, with threat actors installing webshells and exfiltrating cryptographic secrets. This enables persistent, unauthenticated access, posing a significant risk to affected organisations. Enterprises running SharePoint servers should proactively hunt for compromises.