Microsoft has warned of “active attacks” targeting server software that government agencies and businesses use to share documents internally. The company urged customers to install security updates immediately to protect their systems.

On Sunday, the FBI confirmed it is aware of these attacks and is collaborating with federal and private-sector partners, though it did not provide further details.

Figure 1. Server Software Cyberattack.

In its advisory issued on Saturday, Microsoft specified that the vulnerabilities affect only on-premises SharePoint servers used within organizations. The company clarified that SharePoint Online, part of its cloud-based Microsoft 365 suite, is not impacted by the attacks. Figure 1 shows Server Software Cyberattack.

We’ve been working closely with CISA, the DOD Cyber Defense Command, and key cybersecurity partners worldwide as part of our response,” a Microsoft spokesperson said [1]. The company has released security updates and strongly urged customers to install them immediately.

According to The Washington Post, which first reported the incident, unknown attackers recently exploited a flaw to carry out an attack targeting U.S. and international government agencies as well as businesses.Experts described this as a “zero-day” attack, meaning it took advantage of a previously unknown vulnerability, putting tens of thousands of servers at risk.

In its advisory, Microsoft explained that the vulnerability “allows an authorized attacker to perform spoofing over a network.” The company provided guidance to help prevent attackers from exploiting this flaw.Spoofing attacks can enable malicious actors to impersonate trusted individuals, organizations, or websites, potentially manipulating financial markets or misleading agencies.

Microsoft also noted that it is working on updates for the 2016 and 2019 versions of SharePoint. In cases where customers cannot implement the recommended malware protection, Microsoft advised temporarily disconnecting servers from the internet until a security fix becomes available.

Reference

1. https://economictimes.indiatimes.com/tech/technology/microsoft-alerts-businesses-governments-to-server-software-attack/articleshow/122804356.cms

Cite this article:

Keerthana S (2025), Microsoft Warns Businesses and Governments of Server Software Cyberattack, AnaTechMaz, pp.104