Microsoft Corp. has confirmed that unidentified hackers exploited a critical vulnerability in its SharePoint server software, raising concerns of widespread cybersecurity breaches affecting thousands of organizations globally.
The company disclosed that it has released a security patch for customers using on-premises SharePoint servers to mitigate active attacks.
The vulnerability, according to the US Cybersecurity and Infrastructure Security Agency (CISA), enabled attackers to gain unauthorized access to file systems, modify internal configurations, and execute malicious code remotely.
Cybersecurity experts warned that the scale of the attack could be extensive. Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that over 10,000 organizations operating SharePoint servers are potentially exposed.
He noted that the United States accounted for the largest number of affected companies, followed by the Netherlands, the United Kingdom, and Canada. “It’s a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well,” Cutler stated.
Palo Alto Networks Inc. confirmed that the exploit is “real, in-the-wild, and poses a serious threat.” Google Threat Intelligence Group, in an emailed statement, also observed hackers actively exploiting the vulnerability.
The group warned that the flaw permits “persistent, unauthenticated access and presents a significant risk to affected organizations.”
The Washington Post reported that US federal and state agencies, universities, energy firms, and an Asian telecommunications company are among the victims of the breach. Gene Yu, CEO of Singapore-based incident response firm Blackpanda, described the situation as alarming.
“When they’re able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,” he said.
Eye Security, a European cybersecurity company, was credited with the initial discovery of the vulnerability. The firm reported that attackers could use the exploit to steal encryption keys, allowing them to impersonate legitimate users or services even after security patches are applied.
Eye Security further warned that hackers could maintain unauthorized access through backdoors and modified components that persist after system updates and reboots.
Microsoft declined to provide additional details beyond its initial statement but gave assurances that further security updates are being prepared to address the issue.
The tech giant has faced mounting criticism over its security framework, particularly following a series of high-profile cyberattacks.
Earlier this year, Microsoft revealed that Chinese state-backed hackers were targeting remote management tools and cloud applications in efforts to infiltrate US and foreign organizations.
The company’s security culture has been under scrutiny since the Cyber Safety Review Board, a White House-mandated body, described its practices as “inadequate” following the 2023 Exchange Online breach. That incident saw hackers compromise 22 organizations and hundreds of email accounts, including those of high-profile US officials.
Cybersecurity analysts have urged organizations using Microsoft SharePoint to immediately apply the latest security patches, conduct comprehensive system scans, and review potential indicators of compromise. The incident underscores the growing sophistication of cyberattacks targeting critical infrastructure and enterprise software.