Microsoft Warns Of Major SharePoint Zero‑Day Attack Targeting Government & Enterprise Servers

Microsoft has sounded the alarm over active cyberattacks exploiting a previously unknown vulnerability in its SharePoint server software used by numerous government agencies and businesses.

The company confirmed in an alert issued on Saturday that the flaw, classified as a “zero-day” vulnerability, enables an authorised attacker to perform spoofing over a network.
The attacks, Microsoft said, do not affect SharePoint Online hosted on Microsoft 365, which remains secure. However, on-premises SharePoint servers — especially 2016 and 2019 versions — are at high risk.

Urgent Security Patches and Recommendations Issued
“We’ve been coordinating closely with CISA, DOD Cyber Defence Command, and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson told media outlets. The tech giant has rolled out security updates and is urging customers to install them without delay.

The company also recommended that if customers are unable to enable malware protection as per Microsoft’s guidelines, they should disconnect affected SharePoint servers from the internet until a patch is applied.

In its technical advisory, Microsoft emphasised: “The vulnerability allows an authorised attacker to perform spoofing over a network.” In spoofing attacks, threat actors impersonate trusted individuals or websites, posing severe risks to agencies, financial systems, and corporate networks.
 

FBI and Global Cyber Agencies Monitoring Threat
The FBI has acknowledged the threat, stating on Sunday that it is “aware of the attacks and is working closely with its federal and private-sector partners,” although it offered no additional details.

According to The Washington Post, which first reported the breach, the attackers exploited the SharePoint vulnerability over the past few days, targeting both US and international organisations.

Read More - Will Nifty50 Break Key Support Or Bounce Back After Q1 Earnings?

Implications for Enterprise IT and National Security
As attacks on critical infrastructure grow in frequency and sophistication, the current SharePoint vulnerability highlights the urgent need for proactive cybersecurity measures.

Microsoft’s disclosure reinforces the importance of immediate action by system administrators to mitigate the threat and protect sensitive networks from exploitation.
For now, all eyes remain on how quickly affected organisations respond to Microsoft's advisories — and how far-reaching the damage may be.

(With Inputs From Reuters)