WASHINGTON: Microsoft has issued an urgent warning about active cyberattacks targeting SharePoint servers used by businesses and government agencies.
The company advised immediate security updates to mitigate risks.
The FBI confirmed awareness of the attacks and collaboration with federal and private-sector partners but provided no further details.
Microsoft clarified that the vulnerabilities affect only on-premises SharePoint servers, not cloud-based SharePoint Online in Microsoft 365.
According to The Washington Post, unidentified hackers exploited a previously unknown flaw in recent days, launching a “zero-day” attack that endangered tens of thousands of servers.
The attackers used spoofing techniques to disguise their identities and pose as trusted entities, potentially manipulating financial markets or sensitive agencies.
Microsoft released a security update for SharePoint Subscription Edition and is developing patches for SharePoint 2016 and 2019.
Organizations unable to implement malware protections were advised to disconnect affected servers from the internet until fixes are available. - AFP
