Microsoft has warned of active cyberattacks targeting on-premise SharePoint servers used by government agencies and businesses to share internal documents.
The company urged customers to install security updates immediately to prevent further exploitation.
The attacks do not affect SharePoint Online in Microsoft 365, which runs in the cloud, Microsoft said in a security alert issued Saturday. The company added that it has been working with CISA, the Department of Defence Cyber Defence Command, and other cybersecurity partners to respond to the threat.
The FBI confirmed on Sunday that it is aware of the attacks and is working with federal and private-sector partners, but did not share further information.
The attacks involve a zero-day vulnerability, meaning it was previously unknown before being exploited. The Washington Post reported that unknown actors had used the flaw to target U.S. and international organizations in recent days, putting tens of thousands of servers at risk.
Microsoft explained that the vulnerability allows an authorized attacker to perform spoofing over a network. In spoofing attacks, a threat actor can impersonate a trusted entity to gain access or influence operations.
The company issued specific recommendations to block the attacks and is also working on updates for the 2016 and 2019 versions of SharePoint. It advised customers who cannot implement malware protections to disconnect their servers from the internet until a fix is available.
