
Microsoft warns of active attacks on its SharePoint software with over 10,000 organisations at risk

The flaw, initially identified by Dutch-based Eye Security, affects SharePoint Subscription Edition and older versions like SharePoint 2016 and 2019.

July 21, 2025 / 20:43 IST

A critical vulnerability in Microsoft’s widely used SharePoint platform has left more than 10,000 organisations globally exposed to cyberattacks, with security experts warning of a “dream scenario” for ransomware groups.

SharePoint, commonly used to store and manage internal documents, is deployed by thousands of enterprises and government agencies. Microsoft has confirmed “active attacks targeting on-premises servers,” with US federal and state departments reportedly among those impacted. While the United States accounts for the largest share of exposed systems, companies in the Netherlands, the UK and Canada are also believed to be vulnerable, according to cybersecurity firm Censys.

The flaw, initially identified by Dutch-based Eye Security, affects SharePoint Subscription Edition and older versions like SharePoint 2016 and 2019. While Microsoft has released a patch for the Subscription Edition and is working on fixes for the others, the issue runs deeper. According to Eye Security, even patched systems may remain compromised if attackers have already infiltrated them, as they can maintain access through modified components and backdoors that survive reboots and updates.

Researchers have expressed alarm over the scope and simplicity of the exploit. “It’s a dream for ransomware operators,” said Silas Cutler of Censys, warning that cybercriminals are likely already working to weaponise the flaw at scale.

Google’s Threat Analysis Group and Palo Alto Networks both labelled the vulnerability as “significant,” urging immediate mitigation. The nature of the exploit means attackers can extract authentication keys from SharePoint servers, enabling them to impersonate users or services and move laterally across networks.

Microsoft has published security guidance for organisations running vulnerable SharePoint instances, including detailed steps for threat detection and mitigation. However, experts stress that proactive investigation is essential, as compromised systems may not show immediate signs of intrusion.

MC Tech Desk
first published: Jul 21, 2025 08:42 pm
