A critical vulnerability in Microsoft SharePoint server software is raising alarms across the global cybersecurity community. The flaw, which affects on-premise SharePoint servers, is being actively exploited by unidentified hackers, exposing thousands of organizations to potential remote takeovers. The compromised entities include government agencies, universities, and energy firms, highlighting the far-reaching implications of the security lapse.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed the seriousness of the flaw, explaining that it enables attackers to gain unauthorized access to sensitive internal systems. Malicious actors can modify configurations, access files, and even execute remote code—essentially giving them administrative-level control over affected networks.
Microsoft has acknowledged the vulnerability and released an urgent security patch to counter the threat. The company urged immediate application of the patch and stated that it is working on further protective measures. However, cybersecurity experts caution that attackers may have already penetrated networks before the fix was deployed, possibly implanting persistent malware or stealing authentication credentials.
The scale of exposure is significant, with the United States hosting the largest number of vulnerable systems, followed by the Netherlands, the United Kingdom, and Canada. According to reports from The Washington Post, affected parties include U.S. federal and state agencies, academic institutions, and an Asian telecom firm. These breaches have renewed concerns over the fragility of global digital infrastructure.
This incident adds to a string of security troubles for Microsoft. Earlier in the year, the company revealed that Chinese state-backed hackers had exploited vulnerabilities in its cloud services. The U.S. Cyber Safety Review Board had previously criticized Microsoft’s security culture as “inadequate” following a separate breach that compromised its Exchange Online platform and the communications of high-ranking officials.
Source: Business day