Microsoft blamed two Chinese nation-state actors for exploiting recently discovered security flaws in SharePoint to infiltrate vulnerable organizations, like schools, state governments, and the U.S. government’s top nuclear security agency.

Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs of active attacks on CVE-2025-53771, and that the patch is to provide more robust protections than the update for CVE-2025-49706.

The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.

Officials in Indiana and Missouri said technologists remain watchful, but their states so far seem to have avoided compromise. The latter’s Office of Administration credited a layered security approach for helping deflect bad actors.