Microsoft has issued a cyber attack alert targeting SharePoint servers, the software used by government agencies and international companies to store, organize, and share information and documents.
The company specified that security updates have been released, which customers are urged to install immediately, as reported by Reuters.
The FBI stated that it is aware of these attacks and is closely collaborating with its federal and private sector partners, but did not provide further details.
According to Microsoft, the vulnerabilities only apply to SharePoint servers. The SharePoint Online version, which is part of the Microsoft 365 suite and is cloud-based, has not been affected by the attacks.
"We have closely coordinated with the Cybersecurity Directorate within the Department of Defense and with key global cybersecurity partners," a Microsoft spokesperson said.
The Washington Post, which first reported the cyber attacks, announced that hackers exploited a flaw to launch an attack targeting US and international agencies and companies.
The attack is known as "zero day" because it targeted a previously unknown vulnerability, the newspaper stated, citing experts. Tens of thousands of servers were at risk.
Microsoft stated that a vulnerability "allows an attacker to carry out data forgery in a network." The company has issued recommendations to prevent attackers from exploiting it.
In a data forgery attack, hackers can manipulate financial markets or agencies by concealing their identity and giving the impression that they are a trusted person, organization, or website.
Previously, Microsoft stated that it is working on updates for the 2016 and 2019 versions of SharePoint. If customers cannot enable the recommended protection against malware programs, they should disconnect their servers from the internet until a security update is available, it added.