
Microsoft alerts businesses and government agencies to ongoing SharePoint vulnerability exploit

Microsoft has issued an alert to businesses and U.S. government agencies about the ongoing zero-day exploit being used to conduct attacks on SharePoint.

According to the AP, Microsoft updated its guidance with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition, which includes a slew of security updates. Engineers are still working on a fix for the older SharePoint Server 2016 software. To access Microsoft's link to the updates, go here.

“Anybody who’s got a hosted SharePoint server has got a problem,” said Adam Meyers, senior vice president with CrowdStrike. “It’s a significant vulnerability.”

Companies and government agencies around the world use SharePoint for internal document management, data organization, and collaboration.

A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is “a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.”

Security researchers warn that the exploit, reportedly known as “ToolShell,” is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.

Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations, and does not affect Microsoft’s cloud-based SharePoint Online service.

Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit be disconnected from the internet until they are patched.
