Microsoft has issued a critical warning about “active attacks” targeting on-premises SharePoint servers used by government agencies and businesses for internal document sharing. The tech giant is urging organizations to immediately install security updates to protect against the threat, which does not affect cloud-based SharePoint Online in Microsoft 365.
The attacks exploit a previously unknown vulnerability, a so-called “zero-day,” according to The Washington Post, which first reported the incident. Security experts say the flaw puts tens of thousands of servers at risk globally.
Microsoft stated in its advisory that the flaw “allows an authorized attacker to perform spoofing over a network.” In such attacks, bad actors impersonate trusted individuals or systems to gain unauthorized access, potentially allowing them to manipulate operations or steal sensitive information.
“We’ve been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson said, emphasizing that patches have been issued and that customers should apply them without delay.
The FBI confirmed on Sunday that it is aware of the breach and is actively working with federal agencies and private-sector partners, though it has not released additional information on the attackers or the scale of the breach.
According to The Washington Post, unknown threat actors exploited the flaw in recent days to target both U.S. and international entities, including government institutions and corporations.
Microsoft clarified that only on-premises versions of SharePoint are affected. SharePoint Online, part of the company’s Microsoft 365 suite, remains secure, as it operates on separate cloud infrastructure.
For organizations running SharePoint Server 2016 and 2019, Microsoft is developing further updates. In the meantime, the company advises that if customers cannot implement the recommended security measures, they should disconnect vulnerable servers from the internet to prevent exploitation.
The situation underscores the growing threat posed by zero-day vulnerabilities and highlights the importance of prompt patching and robust cybersecurity protocols in enterprise environments.