Microsoft has warned government agencies and enterprises of an ongoing cyberattack campaign exploiting a vulnerability in on-premises SharePoint servers. The attack, which leverages a flaw that allows authorized users to conduct spoofing over internal networks, affects only on-premises installations, not the cloud-based SharePoint Online under Microsoft 365.
The company issued the alert over the weekend, recommending immediate application of its latest security updates. For users unable to implement the patches right away, Microsoft advises disconnecting affected servers from the internet to prevent further exploitation. The advisory specifically applies to SharePoint 2016 and 2019 versions, which remain widely deployed across both public and private sectors.
The vulnerability has been categorized as a “zero-day” by experts, referring to the absence of prior awareness or mitigation before attackers began exploiting it. Microsoft noted that tens of thousands of systems could be exposed, based on current usage patterns.
U.S. agencies and global cybersecurity units on high alert
The FBI confirmed its awareness of the attacks and stated it is working in coordination with Microsoft, CISA, and the Department of Defense’s Cyber Defense Command, among others. While attribution has not yet been disclosed, reports suggest that both U.S. and international entities have already been affected.
According to Microsoft’s internal guidance, the spoofing tactic used in this campaign allows attackers to impersonate trusted systems or individuals within a network. This manipulation can be used to exfiltrate sensitive information or gain elevated access privileges, potentially disrupting document sharing workflows across organizations.
The company stressed that SharePoint Online remains unaffected, offering cloud-based customers a layer of insulation from the current threat. However, the alert raises new concerns over the cybersecurity risks associated with maintaining legacy on-premises infrastructure in a hybrid IT environment.
