SharePoint Security Scare: Microsoft Warns of Active Zero-Day Cyberattack
Microsoft has issued a critical warning regarding an ongoing cyberattack targeting on-premises SharePoint server software used by both public and private organizations. The company confirmed that the breach does not affect its cloud-based Microsoft 365 services. The alert was reported by Reuters.
According to Microsoft, the incident involves a “zero-day” vulnerability—an unknown flaw previously unpatched—exposing numerous organizations worldwide to potential security risks.
The vulnerability allows authorized attackers to carry out "spoofing" within the network, meaning they can impersonate trusted entities to access and steal sensitive data. “An attacker could exploit this flaw to pose as a legitimate user or service within the network,” Microsoft stated.
The U.S. Federal Bureau of Investigation (FBI) acknowledged awareness of the breach and confirmed that an active investigation is underway.
In light of the threat, Microsoft has urged all customers using on-premises SharePoint servers to implement security patches immediately. The company also advised organizations to disconnect affected systems from the internet if necessary to contain the breach.
