Microsoft issues warning after hackers exploit unknown SharePoint flaw

A warning has been issued to Microsoft users detailing a cybersecurity flaw that allowed hackers to access its SharePoint servers, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced.

The CISA posted an alert on Sunday, which said it is aware of an “active exploitation” that enables unauthorized access to on-site SharePoint servers, and is continuing to monitor the severity of the situation.

Microsoft SharePoint hack

Microsoft SharePoint is a platform used for document management that allows users to share files, data, and track project status. SharePoint is also integrated with Microsoft 365 applications, including Teams and OneDrive.

The hack is labeled as a “zero-day” attack due to the previously unknown vulnerability within the system, and tens of thousands of servers were at risk, according to Reuters.

In an alert posted by Microsoft on July 19, the company said that the exploit enables an “authorized attacker to perform spoofing over a network.” A spoofing cyberattack involves an actor manipulating financial markets or agencies by hiding their identity and tricking a user into believing that they are a trusted source.

“We’ve been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson said, according to Reuters.

Microsoft noted that the vulnerabilities solely applied to SharePoint servers used within organizations. SharePoint Online in Microsoft 365, which is in the cloud, was not involved in the attack.

“The FBI is aware of the matter, and we are working closely with our federal government and private sector partners,” a Microsoft spokesperson told USA TODAY.

Microsoft told its customers that if they can’t enable recommended malware protection, they should disconnect their servers from the internet until a security update becomes available, according to Reuters.

Follow Jason Sutich on X. Send news tips here.