Over 1,300 SharePoint Servers Still Exposed to Actively Exploited Spoofing Zero-Day

Over 1,300 Microsoft SharePoint servers exposed to the internet remain unpatched against a spoofing vulnerability that was first exploited as a zero-day and continues to be actively abused in ongoing attacks. The flaw allows attackers to perform spoofing operations that can be used to steal credentials, hijack sessions, or pivot further into corporate environments.

SharePoint is broadly deployed in enterprise settings and frequently exposed at the perimeter. Organizations should apply the available Microsoft patch immediately, audit any internet-facing SharePoint instances, and review logs for indicators of exploitation activity. The combination of active exploitation and a large unpatched population makes this a high-priority remediation target.