Hackers have exploited vulnerabilities in Microsoft’s SharePoint software, placing tens of thousands of on-premises servers used by global businesses and agencies at risk. Microsoft issued an alert on Saturday disclosing that it was aware of “active attacks,” and that it was working to patch the zero-day exploit. That means servers that have already been compromised may still be a risk for businesses, but cloud versions of SharePoint aren’t vulnerable to the exploit and are unaffected. The exploit appears to have originated from a combination of two bugs that were presented at the Pwn2Own hacking contest in May, allowing unauthenticated access to SharePoint servers. Microsoft has released patches to “fully protect” SharePoint 2019 and SharePoint Subscription Edition servers, and the company is actively working on a patch for SharePoint 2016.