Microsoft has raised an alert about active cyberattacks targeting its SharePoint server software used by businesses and government agencies to share documents internally. The company has advised users to apply security updates immediately to prevent further exploitation.
The alert, issued on Saturday, highlights that the attacks affect only on-premise SharePoint servers and do not impact SharePoint Online used in Microsoft 365 cloud services. According to Microsoft, the vulnerability being exploited allows an authorized attacker to carry out spoofing over a network.
“We’ve been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,” said a Microsoft spokesperson. The company has released security patches and urged customers to install them without delay.
The Federal Bureau of Investigation has acknowledged awareness of the attacks and confirmed it is working with federal and private-sector partners, though it has not shared specific details yet.
The recent attacks are described as a “zero day” threat, meaning they are based on a previously unknown software vulnerability. The attackers, whose identities remain undisclosed, have reportedly exploited this flaw in the past few days to target agencies and businesses in the United States and abroad. Experts estimate that tens of thousands of servers could be at risk.
Spoofing attacks allow bad actors to disguise themselves as trusted entities, potentially leading to serious consequences such as market manipulation or internal system breaches. Microsoft noted that it is working on updates for the 2016 and 2019 versions of SharePoint. In the meantime, it advised that if organizations are unable to apply recommended protections, they should disconnect their servers from the internet until updates are available.
Also read:Â Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
