A Microsoft SharePoint server software flaw is causing widespread concern across the global cybersecurity landscape, exposing thousands of organisations to hackers exploiting a new vulnerability.
This critical vulnerability exposes government agencies, universities, and energy firms who are at risk of cyberattacks. The flaw, now being actively exploited by unidentified hackers, allows attackers to gain deep, remote access to on-premise SharePoint servers.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerability can enable malicious actors to access internal files, change configurations, and even execute remote code, effectively giving them high-level control over compromised systems.
Read also: Microsoft plans to cut 9,000 jobs in latest round of layoffs
Microsoft has also acknowledged the breach and released a security patch aimed at stopping the ongoing attacks. The firm urged users to apply the patch immediately, saying it is working to roll out additional protections, according to a statement reported by Bloomberg.
Despite these efforts, cybersecurity researchers warn that systems may remain vulnerable if attackers have already infiltrated networks, stolen authentication keys, or implanted persistent backdoors before patches were applied.
The United States hosts the highest number of these vulnerable systems, followed by the Netherlands, the United Kingdom, and Canada.
The Washington Post reported that the breach has already impacted a range of institutions, including U.S. federal and state agencies, academic institutions, energy companies, and a telecommunications firm in Asia.
Read also: Visa, Microsoft empower Nigerian fintechs with AI skills
This latest incident adds to a growing list of cybersecurity challenges facing Microsoft. In March, the company revealed that Chinese state-backed hackers had targeted its cloud-based services to infiltrate both U.S. and international organisations.
Last year, the U.S. Cyber Safety Review Board sharply criticised Microsoft’s internal security culture as ‘inadequate’ after a separate breach compromised its Exchange Online mail systems and exposed communications of high-level officials.
