Microsoft is scrambling to contain a critical zero‑day security flaw affecting its on‑premises SharePoint Server software. The breach enables attackers to execute unauthenticated remote code, potentially steal credentials, and implant persistent malware—even after rebooting or applying patches. This risk extends to integrated services such as Outlook, Teams, OneDrive, and other SharePoint-connected systems.

SharePoint Online in Microsoft 365 is unaffected, but on‑premises users are at immediate risk. Microsoft confirmed that its security response team is urgently working to roll out patches, with updates available now for certain editions. Support for SharePoint Server 2016 is still in development.

Cybersecurity firm Eye Security first detected the breach around July 18. Investigations revealed the flaw allows attackers to extract cryptographic machine keys and maintain unauthorised access even after repairs—the type of stealthy compromise that can leave long-lasting damage. Palo Alto Networks’ Unit 42 and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have confirmed active exploits. Meanwhile, the FBI has joined Microsoft and CISA in ongoing investigations.

Microsoft advises immediate actions: apply published updates for SharePoint 2019 and Subscription Edition, enable Antimalware Scan Interface integration, deploy Microsoft Defender Antivirus, and isolate internet-exposed servers if updates are delayed. The company also recommends rotating machine keys post-patch to invalidate any stolen credentials.

This incident echoes the 2021 Exchange Server breach that affected over 250,000 servers. Like that earlier attack, simply patching will not cleanse compromised systems—organisations must also hunt for signs of lingering malware and unauthorized access.

With tens of thousands of on‑premises SharePoint servers still vulnerable, the cybersecurity community is urging swift protective action. Microsoft‘s proactive updates and collaboration with global agencies are crucial—but the real test lies in detection response and infrastructure hardening.