Microsoft issued an emergency fix to close off a vulnerability in its SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain.

Microsoft released an emergency security patch on Sunday to “mitigate active attacks targeting on-premises servers.”

Researchers first uncovered a sweeping cyber espionage operation targeting Microsoft server software affecting at least 100 organisations.

Microsoft said the company has been "coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners around the world throughout our response."

Microsoft said in a post on its website on Saturday that it was “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities.” SharePoint is a Microsoft platform that allows customers to manage and share documents within their organizations.

Hackers exploited a zero-day vulnerability in Microsoft SharePoint servers, targeting US federal agencies and other entities.

Users can open System Information (msinfo32.exe) to check if VBS is running and confirm that the Hyper-V role is not installed. They can also verify whether the VM was created with Standard security, rather than Trusted Launch, by reviewing the Security type field in the Azure portal.