Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

If exploited, attackers can gain full access to SharePoint content and potentially pivot to Outlook, Teams, and OneDrive. Learn how to protect your SharePoint server from compromise.

The term "zero-day" attack refers to when a previously unknown vulnerability is targeted. Tens of thousands of servers are said to be at risk. While the issue is serious, it differs from several previous vulnerabilities related to Microsoft. The attack only affects on-premises servers; cloud-based servers are unaffected.

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers as well as news reports.

Microsoft said in a post on its website on Saturday that it was “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities.” SharePoint is a Microsoft platform that allows customers to manage and share documents within their organizations.