Microsoft has warned of “active attacks” targeting SharePoint server software used by government agencies and businesses, urging immediate installation of security updates to prevent further exploitation.
In a security alert released on Saturday, the technology firm said the vulnerability affects only SharePoint servers deployed within organisations. SharePoint Online, which operates on the Microsoft 365 cloud platform, remains unaffected. The company has recommended that customers apply the updates without delay.
“We’ve been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson stated.
The FBI confirmed on Sunday that it is aware of the cyber attacks and is working “closely with its federal and private-sector partners,” though it did not provide additional details.
The Washington Post, which first broke the story, reported that unknown attackers had exploited a flaw in the software over recent days, targeting both U.S. and international agencies and organisations. Experts cited by the newspaper referred to the incident as a “zero day” attack, meaning it exploited a previously unknown vulnerability, and one that places tens of thousands of servers at risk.
According to Microsoft, the flaw “allows an authorised attacker to perform spoofing over a network.” The company provided guidance to help prevent continued exploitation.
A spoofing attack involves a malicious actor disguising their identity to appear as a legitimate person, organisation, or website, potentially allowing them to manipulate systems or access sensitive data.
Microsoft further stated that it is developing updates for SharePoint 2016 and 2019 versions. For customers unable to enable recommended malware protections, the company advised disconnecting affected servers from the internet until the patches are available.

