NEW YORK (AP) — Microsoft has issued an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

To secure the endpoints, Microsoft recommends applying the July 2025 security updates immediately, as well as enabling Antimalware Scan Interface (AMSI) for SharePoint and making sure Defender Antivirus is deployed.

Microsoft has pointed the finger at three Chinese nation-state actors for exploiting the SharePoint vulnerabilities. Here's what we know about the security flaws and how to guard against future attacks.