Home Innovation Microsoft Microsoft Warns of Active Shar...

Microsoft Warns of Active SharePoint Attacks Exploiting Zero-Day Flaw Worldwide

Microsoft

Business Honor
23 July, 2025

Microsoft recommends quick patching and investigation due to a critical SharePoint vulnerability that gives hackers complete access.

Microsoft has issued an urgent warning about ongoing cyberattacks targeting its on-premise SharePoint server software. These attacks are using a zero-day vulnerability, which means hackers found the flaw before Microsoft could fix it. SharePoint is used by businesses to store critical data, manage internal websites, and share files. Only on-site SharePoint servers are impacted; cloud-based SharePoint Online used with Microsoft 365 is unaffected.

According to Microsoft, attackers are using this flaw to gain full access to SharePoint systems, including file content and server settings. Cybersecurity experts said that hackers were able to steal security keys, which could let them return even after the software is updated. The attacks are widespread, with multiple hacker groups involved. According to Mandiant, a cybersecurity firm owned by Google, at least one group has ties to China.

Microsoft released updates for SharePoint 2019 and SharePoint Subscription Edition customers to protect them. A fix for SharePoint 2016 is still in progress. Until then, Microsoft advises companies to disconnect affected servers from the internet if they can’t apply the patch right away. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have confirmed that the vulnerability is being actively used by hackers. Security companies are urging organizations to take immediate action, saying this isn’t a “patch and forget” issue. Experts recommend that companies assume their systems may already be compromised and carry out detailed investigations. Microsoft said it is working closely with government agencies and cybersecurity partners to contain the threat and protect customers.