Microsoft warns of active cyber attacks targeting local 'SharePoint' servers

Microsoft has issued an urgent warning about cyber attacks exploiting security vulnerabilities in local 'SharePoint' servers used by government agencies and companies, urging customers to apply security updates immediately to avoid the risks of breaches.

The company confirmed that the discovered vulnerabilities do not affect 'SharePoint Online' service under the 'Microsoft 365' cloud platform, indicating that the attacks exclusively target local servers.

The 'Washington Post' revealed that unknown entities exploited a previously unknown security vulnerability ('zero-day' type) to launch attacks against servers belonging to American and international entities, putting tens of thousands of systems at risk of being breached.

According to Microsoft, the vulnerability allows attackers to 'impersonate over the network,' enabling the intruder to pose as a trusted entity to access sensitive data and systems, potentially leading to fraudulent or disruptive activities, such as data manipulation or disabling digital infrastructure.

The Federal Bureau of Investigation (FBI) announced its awareness of the attacks and is collaborating with government and private partners to address them, without disclosing further details.

Microsoft emphasized the immediate need to install security updates, especially for SharePoint 2016 and 2019 versions, for which the company is working on additional updates. It also advised institutions unable to apply updates to temporarily disconnect servers from the internet until the necessary fixes are available.