Microsoft has raised a red flag over a series of active cyberattacks exploiting a serious vulnerability in its on-premises SharePoint server software. In an urgent security advisory, the tech giant is urging all affected organisations to install critical security updates without delay to fend off potential breaches.
Who's Affected – And Who's Not
The vulnerability in question only affects on-premises versions of SharePoint—typically used by companies and government agencies for internal document sharing. If you're using SharePoint Online, the cloud version included in Microsoft 365, there's good news: Microsoft has confirmed that it is not impacted by this attack.
Spoofing Attacks: The Real Danger Behind the Breach
At the heart of the issue is a flaw that allows attackers to perform spoofing attacks—a technique where they impersonate trusted users or systems. Once inside the network, these bad actors can potentially gain access to sensitive data, disrupt operations, or manipulate internal communications without raising suspicion.
Microsoft emphasized that this is a zero-day vulnerability, meaning it was exploited by attackers before the company or security researchers even knew it existed. That makes the current situation especially critical.
Global Impact and Ongoing Investigations
This isn't a small-scale incident. According to The Washington Post, the cyberattacks have affected both U.S. and international government agencies, as well as businesses around the globe. The FBI has confirmed it is monitoring the situation and working with other agencies and private sector partners to manage the threat.
So far, details about the attackers or the full scale of the breach remain under wraps.
Microsoft's Response and What You Should Do Now
Microsoft has already released a security fix for SharePoint Subscription Edition and is actively working on patches for SharePoint 2016 and 2019. Organisations running those versions should keep an eye out for updates and apply them as soon as they're available.
If applying the patch isn't immediately possible, Microsoft strongly advises disconnecting vulnerable servers from the internet to reduce the risk of compromise until the proper updates can be installed.
Why This Matters
This incident serves as a stark reminder of the risks facing organisations that rely on on-premises infrastructure without keeping up with security patches. As cyberthreats continue to evolve, timely updates and proactive monitoring are no longer optional; they're essential for staying secure in an increasingly connected world.

