A newly discovered vulnerability in Microsoft’s SharePoint server software is raising alarms across the global business and cybersecurity community, with experts warning that thousands of organizations, including government agencies, energy firms, universities, and enterprises, may be at risk of significant breaches.
The flaw, which has already been actively exploited by unidentified hackers, enables attackers to gain deep access into systems running on-premise SharePoint servers.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability allows hackers to access internal file systems, configurations, and even execute malicious code remotely, essentially granting them high-level control over compromised servers.
Microsoft confirmed breach
According to a Bloomberg report, Microsoft confirmed the breach, noting that it had released a new security patch for customers to apply to their SharePoint servers “to mitigate active attacks targeting on-premises servers.” The company said it was working to roll out others.
- However, cybersecurity researchers warn that the exploit’s nature is such that even patched systems could still be vulnerable if attackers have already stolen critical authentication keys or embedded persistent backdoors.
- The report quoted Cybersecurity firm Censys, estimating that more than 10,000 organizations globally are currently at risk due to exposed SharePoint servers.
- The highest concentration of vulnerable systems is in the United States, followed by the Netherlands, the United Kingdom, and Canada.
“This is a dream for ransomware operators. We expect a surge in malicious activity targeting this exploit over the coming days. A lot of attackers are going to be working this weekend,” said Silas Cutler, a researcher at Censys.
Security experts are emphasizing that the threat is not theoretical. Palo Alto Networks confirmed that real-world attacks exploiting the vulnerability are already underway, describing it as “a serious and active threat.”
- Google’s Threat Intelligence Group echoed that warning, saying the flaw allows “persistent, unauthenticated access and presents a significant risk to affected organizations.”
- The broader concern is that this type of exploit goes beyond data theft—it opens the door to large-scale ransomware deployments, corporate espionage, and long-term compromise of IT infrastructure.
Why It Matters
This incident underscores a pressing issue for CIOs, CISOs, and IT administrators globally, including in Nigeria, many of whom still rely on on-premise Microsoft SharePoint installations for document management, internal communications, and enterprise collaboration.
“When they’re able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,” said Gene Yu, CEO of Singapore-based cyber incident response firm Blackpanda.
The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies, and an Asian telecommunications company, citing state officials and private researchers.
What you should know
This latest breach is just the most recent in a series of cybersecurity challenges for Microsoft. In March, the company reported that Chinese state-backed hackers were targeting cloud applications and remote management tools to infiltrate U.S. and international organizations.
Microsoft’s security practices have come under increasing scrutiny. Last year, the U.S. government’s Cyber Safety Review Board described the company’s internal security culture as “inadequate” after hackers breached its Exchange Online mail systems, affecting 22 organizations and hundreds of individuals, including former U.S. Commerce Secretary Gina Raimondo.
