In an alert published on Saturday, Microsoft confirmed that the attacks are active and impact only on-premise SharePoint servers. Cloud-based versions, such as SharePoint Online within Microsoft 365, are not affected. The company said the flaw enables a vulnerability that “allows an authorised attacker to perform spoofing over a network.”

Microsoft has issued a warning about active attacks on SharePoint server software used by government and business organizations. These 'zero day' attacks exploit a previously unknown vulnerability. Microsoft recommends immediate security updates,

At least 85 servers worldwide have been compromised through a Microsoft service vulnerability that has been used to achieve remote code execution.