NAIROBI, Kenya — Microsoft is warning of active cyberattacks targeting a major piece of software used by governments and businesses worldwide to share internal documents. And this one isn’t happening in the cloud — it’s striking the servers on the ground.
In a security alert issued Saturday, Microsoft confirmed that the ongoing attacks are exploiting vulnerabilities in on-premises SharePoint servers, the backbone of many organizations’ internal collaboration systems.
Thankfully, the tech giant clarified that SharePoint Online, which runs through Microsoft 365 in the cloud, remains unaffected.
The attacks are already underway, according to Microsoft, and federal agencies are paying attention.
The FBI confirmed Sunday that it’s aware of the threat and is working alongside government and private-sector partners, though it didn’t reveal further details about the perpetrators or the scope of the breach.
What’s particularly alarming is that this is a so-called zero-day attack — meaning hackers found a flaw before Microsoft did, leaving organizations with zero days to prepare.
According to The Washington Post, which first reported the breach, both U.S. and international entities have already been targeted in the last few days.
Microsoft explained that the flaw allows an authorized attacker to carry out spoofing — a tactic where someone pretends to be a trusted source in order to gain access or manipulate systems.
That could mean fake emails, phony web interfaces, or malicious commands disguised as legitimate requests. The implications? Everything from tampering with sensitive files to disrupting operations at high levels of government and enterprise.
The company has already issued security patches and is urging affected customers to install them immediately.
In cases where organizations can’t apply those updates right away, Microsoft is advising a complete disconnect from the internet to avoid potential exposure — especially for those using SharePoint 2016 or 2019 versions.
“We’ve been coordinating closely with CISA, the Department of Defense Cyber Defense Command, and global cybersecurity partners throughout our response,” a Microsoft spokesperson said.
Tens of thousands of servers could be vulnerable if patches aren’t applied, making this another stark reminder of how fragile our digital infrastructure can be — and how fast threat actors are evolving.
For companies relying on local SharePoint servers, this is the moment to drop everything, review your security posture, and take action. Because while your files might live in a secure boardroom, the doors to that boardroom may already be wide open.
