Microsoft Knew of SharePoint Security Flaw but Failed to Effectively Patch It, Timeline Shows

Microsoft’s latest security patch, intended to seal a critical vulnerability in its SharePoint server software, sprung a leak. Despite the fix, hackers exploited the lingering flaw to launch a widespread cyber espionage campaign, according to a timeline reviewed by Reuters. The botched patch left the door ajar, enabling a global breach of sensitive data.

Remember Microsoft’s fix for a vulnerability from a May hacking contest? Scratch that. Turns out, it didn’t quite stick. But don’t panic – Redmond’s already rolled out reinforcements in the form of new patches to finally seal the breach, a spokesperson confirmed Tuesday.

The digital world is on high alert following a weekend blitz targeting nearly 100 organizations in what appears to be a widespread espionage campaign. The identity of the masterminds remains shrouded in mystery, but with the digital feeding frenzy expected to intensify as more hackers join the hunt, the stakes are only getting higher.

Microsoft recently blew the whistle on a trio of China-based hacking groups, including “Linen Typhoon” and “Violet Typhoon.” These digital stormtroopers are actively exploiting system vulnerabilities.

Microsoft and Alphabet’s Google have said China-linked hackers were probably behind the first wave of hacks.

Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies such hacking operations.

China’s embassy in Washington fired back via email, dismissing accusations of cyberattacks as baseless smears, demanding solid evidence instead of conjecture.

A cybersecurity firm’s Berlin hacking contest in May inadvertently became ground zero. Organized by Trend Micro, the event dangled juicy cash prizes, tempting hackers to unearth vulnerabilities in widely used software. Little did they know, one of those bugs – a seemingly insignificant chink in the armor – would soon be exploited in a real-world attack.

Microsoft dangled a $100,000 carrot – a bounty for hackers who could unearth and weaponize “zero-day” exploits against its ubiquitous SharePoint platform. The challenge: discover previously unknown vulnerabilities capable of turning the document management giant against its users.

America’s nuclear guardians, the very agency entrusted with designing and safeguarding the nation’s atomic arsenal, suffered a chilling security breach, Bloomberg News reported. A source familiar with the situation revealed that the National Nuclear Security Administration, keeper of the nuclear flame, was among the compromised agencies.

No sensitive or classified information is known to have been compromised, it added.

Reuters sought comment from the US Energy Department, the US Cybersecurity and Infrastructure Security Agency, and Microsoft, but at press time, none had responded to inquiries regarding the report.

At a recent cybersecurity conference, a researcher from Viettel, the telecoms giant backed by Vietnam’s military, unearthed a critical SharePoint vulnerability. Dubbed “ToolShell,” this flaw, revealed at the May event, opens the door for potential exploits, as demonstrated by the researcher’s unsettling proof-of-concept.

The discovery won the researcher an award of $100,000, an X posting by Trend Micro’s “Zero Day Initiative” showed.

Trend Micro emphasized that vendors taking part were obligated to swiftly address and reveal security vulnerabilities, dealing with them “effectively and in a timely manner.”

“Patches will occasionally fail,” it added. “This has happened with SharePoint in the past.”

July 8th saw Microsoft slam the door shut on a critical vulnerability, issuing emergency patches to safeguard users from a potentially devastating bug.

Ten days after the digital dust settled, a chilling counterstrike began. Cybersecurity watchdogs detected a surge of malevolent online assaults zeroing in on the very chink in the armor – SharePoint servers – the initial bug had exposed.

Sophos, a British cybersecurity firm, revealed Monday that malicious actors have already engineered exploits that seemingly sidestep recently released security patches.

The pool of potential ToolShell targets remains vast.

A chilling discovery: Shodan, the search engine that maps the internet’s hidden corners, has exposed a potential digital battlefield. Over 8,000 servers may already be under hacker control, silently compromised and awaiting their command.

Imagine a web of interconnected networks: auditors meticulously examining finances, banks safeguarding fortunes, healthcare companies protecting patient data, and colossal industrial firms powering our world. These servers, the digital linchpins, extended even further, reaching the hallowed halls of U.S. state governments and international bodies.

Shadowserver Foundation’s internet-wide vulnerability scans hint at a digital iceberg: over 9,000 exposed weaknesses visible above the surface, with the true extent likely far greater.

It said most of those affected were in the United States and Germany.

Initial fears of a cyber breach within the German government appear unfounded. The BSI, Germany’s cybersecurity watchdog, announced Tuesday that after intensive investigation, no SharePoint servers on government networks showed signs of compromise related to the widely publicized ToolShell attack, despite identified vulnerabilities. A potential digital disaster averted.

© Thomson Reuters 2025
