Key Takeaways:
- Active Exploitation: Microsoft has issued an alert about ongoing attacks targeting on-premise SharePoint servers, exploiting vulnerabilities that were only partially addressed in a July update.
- Cloud Not Affected: SharePoint Online in Microsoft 365 is not impacted; the threat is limited to on-premise versions, specifically SharePoint Subscription Edition and SharePoint 2019 (with updates for 2016 pending).
- Serious Threat: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity firms warn that the vulnerability allows hackers to fully access SharePoint content and execute code remotely.
- Urgent Response Needed: Microsoft and security experts urge customers to immediately install the latest security updates or, if that’s not possible, disconnect affected servers from the internet.
- Ongoing Risk: Experts describe the situation as a zero-day vulnerability and caution that simply patching may not be enough—organizations should assume compromise and investigate.
What Happened?
Microsoft alerted customers to active, in-the-wild attacks exploiting critical vulnerabilities in on-premise SharePoint servers. The company has released security updates for the most recent versions and is working on patches for older ones. The attacks allow hackers to access sensitive files and configurations, and to run code on affected systems.
CISA and cybersecurity firms like Palo Alto Networks and Mandiant have confirmed global exploitation and are urging organizations to take immediate action.
Why It Matters?
This incident highlights the persistent risks facing organizations running on-premise software, especially as attackers increasingly target critical business infrastructure. The severity and global scale of the attacks underscore the need for rapid patching, robust incident response, and a shift toward more secure, cloud-based solutions where possible.
Failure to act could result in significant data breaches, operational disruption, and reputational damage.
What’s Next?
Organizations should immediately apply Microsoft’s security updates or disconnect vulnerable servers. Security teams are advised to investigate for signs of compromise, as patching alone may not remove existing threats. Microsoft is expected to release further updates for older SharePoint versions soon.