Microsoft has confirmed a global cyberattack targeting its widely used SharePoint collaboration software, with significant implications for businesses and governments worldwide. The breach, which security officials describe as “active exploitation,” allows unauthorized access to vulnerable on-premises SharePoint servers. Attackers can reportedly obtain full access to file systems and execute malicious code, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
Microsoft has released emergency patches for its SharePoint Subscription Edition and SharePoint 2019, while SharePoint 2016 remains vulnerable. The company has stated it is actively developing a fix for the older software version. These vulnerabilities do not affect Microsoft’s cloud-based SharePoint Online, part of the Microsoft 365 suite. The affected systems are primarily on-premises servers still in use by numerous government agencies, educational institutions, and large corporations worldwide.
Cybersecurity experts from Palo Alto Networks warned that thousands of organizations could already be compromised. They confirmed that attackers are leveraging the flaw to establish footholds within systems, exfiltrate sensitive data, deploy backdoors, and steal cryptographic keys. Researchers at Eye Security, a European cybersecurity firm, noted that the flaw enables attackers to impersonate legitimate users or services, heightening the risk of further breaches across connected Microsoft services, including Outlook and Teams.
Experts warn compromised keys may allow repeated breaches
Authorities in the United States, Canada, and Australia have launched investigations into the attacks. In the U.S., at least two federal agencies have reportedly been affected, though officials have not publicly disclosed which ones. Affected organizations range from state governments and educational institutions to energy companies and international telecommunications firms. Security researchers have also traced breaches to government agencies in Spain, a university in Brazil, and a local authority in Albuquerque.
CISA emphasized that while patches mitigate future risks, organizations already compromised may remain vulnerable, as attackers have reportedly obtained keys enabling persistent access. Officials caution that simply applying patches will not rectify existing breaches. Efforts are underway across multiple jurisdictions to contain the fallout and prevent further exploitation. Microsoft has faced criticism over the security lapse, with experts highlighting a pattern of vulnerabilities being inadequately addressed in past incidents.
The company has declined to comment beyond its public advisories. The FBI confirmed it is coordinating with federal and private sector partners to respond to the breach. The incident underscores ongoing concerns about the security of Microsoft’s products, especially as they remain integral to the operations of governments and large enterprises. Cybersecurity officials and researchers have described the current situation as a “zero-day” vulnerability, with rapid exploitation observed before patches could be fully deployed. The full scale and long-term impact of the attack remain under investigation. – By Content Syndication Services.