WASHINGTON, July 21; Microsoft has issued a critical alert regarding ongoing cyberattacks targeting its SharePoint server software, commonly used by government agencies and businesses for internal document sharing. The company urged all users to apply newly released security updates immediately.

In a security advisory released Saturday, Microsoft clarified that the attacks affect only on-premises SharePoint servers and do not impact SharePoint Online, which operates within the Microsoft 365 cloud platform.

The alert warned of a vulnerability that allows attackers to conduct “spoofing” over a network. In such attacks, bad actors disguise themselves as trusted entities—such as individuals, organizations, or websites—potentially leading to the manipulation of financial systems or compromising government operations.

Microsoft described the exploit as a "zero-day" attack, meaning it targeted a previously unknown flaw. The Washington Post, which first reported the breach, said the attack affected both U.S. and international organizations and could put tens of thousands of servers at risk.

“We’ve been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners globally throughout our response,” a Microsoft spokesperson said. The company has issued security patches and strongly encouraged affected customers to install them without delay.

The FBI confirmed Sunday that it is aware of the ongoing attacks and is working with both federal agencies and private-sector partners. However, it provided no further details at this time.

Microsoft is also preparing security updates for older SharePoint versions, including SharePoint 2016 and 2019. For organizations unable to implement the recommended malware protection measures immediately, the company advised disconnecting servers from the internet until the patches are deployed.