Security Flaw in Microsoft SharePoint
- Team UPG IT
- Jul 25, 2025
Many organisations rely on Microsoft SharePoint to share documents and work together online. But a serious new vulnerability has been found in the on-premises version of SharePoint, putting sensitive information at risk. The cloud version provided through Microsoft 365 is not affected.
This is a zero-day vulnerability — meaning hackers were already exploiting it before Microsoft became aware of the flaw. Attackers don’t need to trick anyone into clicking links. Instead, they can send a specially crafted request to the SharePoint server and gain direct access to install malware.
Once inside, criminals can move deeper into the network, targeting email or Teams to spread malware and impersonate colleagues. They can also change, delete, or replace documents in shared folders, making the attack harder to detect.
On 19 July, Microsoft warned organisations running SharePoint locally and confirmed that a permanent fix is not yet available. For now, Microsoft advises checking that AMSI (Antimalware Scan Interface) is enabled — which it is by default — and considering taking vulnerable servers offline temporarily to reduce the risk.
What you should do
Watch for suspicious internal messages: unexpected emails or Teams links, even if they look like they’re from colleagues, could be a sign of compromise.
Check unusual activity: pay attention to edits at odd hours or by unknown users.
Help IT react quickly: take screenshots, note the time, and report all suspicious activity.




