Microsoft SharePoint Vulnerability Exploited by Hackers: Governments and Businesses Targeted—Everything You Need to Know
Hackers exploited a zero-day SharePoint vulnerability, targeting U.S. agencies and businesses. Microsoft urges immediate updates to secure affected servers
In a major cybersecurity development, Microsoft has revealed the discovery and exploitation of a serious vulnerability in its SharePoint software. The flaw was actively used in attacks targeting global entities, including U.S. federal agencies and private businesses. This incident highlights the growing risk to digital infrastructure and reinforces the need for continuous system security.
قائمة المحتويات
In this article, we break down the details of the SharePoint vulnerability, who was affected, Microsoft’s response, and what organizations need to do next to protect themselves.
What Is the Microsoft SharePoint Vulnerability?
The SharePoint vulnerability is classified as a zero-day attack, meaning hackers exploited a security flaw that was previously unknown to Microsoft. The vulnerability affects on-premise SharePoint servers—systems hosted internally by organizations to manage content and internal communications.
The exploit allows attackers to execute remote code, access internal configurations, and browse sensitive file systems, potentially leading to data breaches or complete system compromise.
Who Is Affected by the Security Flaw?
Microsoft clarified that this vulnerability does not affect Microsoft 365 cloud service users, but rather only impacts organizations hosting their own SharePoint servers on-premise.
According to The Washington Post, the attack has impacted:
- U.S. federal government agencies
- State-level agencies
- Universities
- Private companies across various industries
The report confirmed that at least two U.S. federal agencies’ servers were breached using this vulnerability.
How Did Microsoft Respond?
In a statement shared via X (formerly Twitter), Microsoft announced it had released an emergency security update for the following SharePoint versions:
- SharePoint Subscription Edition
- SharePoint 2019
However, SharePoint 2016 users remain vulnerable as Microsoft has not yet released a patch. The company is actively working on a fix but urged affected organizations to:
“Consider disconnecting your server from the internet until a security update is available.”
“Read Also: Why Islam is the True Religion“
What Did the U.S. Cybersecurity Agency (CISA) Say?
The Cybersecurity and Infrastructure Security Agency (CISA) issued a statement on Sunday evening, confirming:
“We are aware of active exploitation of a new vulnerability enabling unauthorized access to on-premise SharePoint servers.”
CISA explained that the vulnerability allowed attackers to:
- Access critical file systems
- Modify internal server configurations
- Execute malicious code over the network
The Dutch cybersecurity firm Eye Security reported that these attacks occurred in two waves on July 18 and 19, and discovered that dozens of systems had already been compromised during a global scan of over 8,000 SharePoint servers.
How Was the Vulnerability Discovered?
According to Eye Security, their research team scanned more than 8,000 SharePoint servers worldwide on a single day and found:
- Dozens of servers had already been compromised
- The attacks were well-coordinated and targeted
- Exploits occurred in two separate waves mid-July
This suggests the attacks may have been carried out by highly organized threat actors or even state-sponsored groups.
“Read Also: TOP TEN MISCONCEPTIONS ABOUT ISLAM“
Microsoft’s Recent Security Woes
This incident is just the latest in a series of cybersecurity issues involving Microsoft. In 2023, Chinese hackers exploited a flaw in Microsoft Exchange, compromising the email accounts of around 25 organizations, including U.S. government agencies.
Notably, victims included:
- The U.S. Department of State
- Former Commerce Secretary Gina Raimondo
- Other high-profile Biden administration officials
The White House Cyber Safety Review Board issued a scathing report following the breach, criticizing Microsoft’s security culture. The report concluded that:
“Microsoft’s operational and strategic decisions revealed a corporate culture that deprioritized enterprise security and rigorous risk management.”
It also described a “cascade of avoidable errors” that ultimately enabled the attack.
What Should Organizations Do Now?
Given the severity of the issue, experts and agencies strongly recommend that affected organizations:
- Immediately apply patches if using SharePoint 2019 or the Subscription Edition
- Disconnect servers running SharePoint 2016 from the internet until a patch is released
- Monitor network activity for suspicious behavior
- Audit server logs and files for signs of compromise
- Implement a rapid incident response plan if any breach is suspected
Organizations are also encouraged to gradually migrate to secure cloud-based services, like Microsoft 365, which remain unaffected by this exploit.
“Read Also: Apple Offers $1 Million“
Conclusion
The Microsoft SharePoint vulnerability stands out as one of the most serious cybersecurity events of 2025 so far. It underscores the fragility of legacy systems and the need for real-time updates and monitoring.
As digital threats grow in complexity and scale, cybersecurity must be treated not as a luxury but as a core business strategy. This incident serves as a wake-up call for all organizations to take proactive, rather than reactive, steps to protect their infrastructure. Ultimately, the key takeaway from this breach is clear: Cybersecurity is no longer optional—it is mission-critical.