MicrosoftIt is warning of an "active attack" on server software used by government agencies and businesses to share files within their organizations, and is advising customers to apply security updates immediately. The FBI said on Sunday it was aware of the attacks and was working closely with federal and private sector partners, but gave no other details.
In an alert issued on Saturday, Microsoft said the vulnerabilities only apply to SharePoint servers used internally by organizations. Microsoft said SharePoint Online in Microsoft 365 in the cloud was not affected by the attack.
Over the past few days, unidentified hackers have reportedly exploited a vulnerability to launch attacks against U.S. and international institutions and businesses.
The hack was dubbed a "zero-day" attack because it targeted a previously unknown vulnerability. Tens of thousands of servers are at risk.
Microsoft said in its warning that a vulnerability "allows an authorized attacker to perform spoofing on the network" and issued recommendations on how to prevent attackers from exploiting the vulnerability.
In a spoofing attack, an attacker can manipulate financial markets or institutions by hiding their identity and pretending to be a trusted person, organization, or website.
Microsoft said on Sunday that it has released a security update for the SharePoint subscription version and users should apply for it immediately.
The company said it is working on updates to the 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until security updates are available.