July 21 (UPI) — An investigation is underway after hackers used a security flaw in Microsoft software to internationally infiltrate agencies and businesses over the weekend.
The United States, Canada and Australia have partnered in an effort to probe how the unidentified hackers used a security weak spot in Microsoft’s SharePoint collaboration software to gain access to several American federal and state agencies, as well as energy companies, universities and an Asian telecommunications company.
Microsoft announced Saturday that it “is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.”
Researchers at the Eye Security cybersecurity company first identified the weak point on Friday, explained as a “new SharePoint remote code execution vulnerability chain in the wild,” it allows hackers to access the exploited SharePoint versions and steal keys that can let them impersonate users even after an affected server is patched or rebooted.
As a result, hackers can use the liability to steal passwords and sensitive data and then travel the breached network through services that connect to SharePoint, such as Outlook, Teams and OneDrive.
The SharePoint servers allow for documents to be shared and managed, and Microsoft has since released patches to defend SharePoint 2019 and SharePoint Subscription Edition servers, but a patch for SharePoint 2016 is still forthcoming.
The attack, referred to a “zero-day” incident because it used a previously unknown vulnerability, only impacts servers housed within on-premises organizations, but not cloud operations like Microsoft 365.
According to the press release from Microsoft, customers using the SharePoint Subscription Edition should “apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability.”
As for those who use SharePoint 2016 or 2019, the current guidance is to “use or upgrade to supported versions of on-premises Microsoft SharePoint Server,” which are SharePoint Server 2016, 2019 and SharePoint Subscription Edition, and then apply the latest security updates.
