Who is at risk of ‘Microsoft SharePoint hack’: ‘Anybody who’s got a …’

Microsoft has released an urgent fix for a severe “zero-day” vulnerability within its widely-used SharePoint software, a flaw that hackers are said to have actively exploited to launch extensive attacks against businesses and even some U.S. government agencies. For those unaware, Microsoft SharePoint is used by companies for internal document management, data organization and collaboration. ‘Microsoft Sharepoint hack‘ is a zero-day vulnerability. A zero-day vulnerability is a cyberattack that takes advantage of a previously unknown security vulnerability. “Zero-day” refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.”Microsoft issued an alert to customers on Saturday, July 19, confirming active exploitation of the previously unknown vulnerability and assuring users that a patch was in the works. By Sunday, July 20, Microsoft updated its guidance, providing crucial instructions for applying the fix to SharePoint Server 2019 and SharePoint Server Subscription Edition.However, the challenge persists for users of older software, as Microsoft engineers are still developing a solution for SharePoint Server 2016. So, who’s all at risk? Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told news agency AP, “Anybody who’s got a hosted SharePoint server has got a problem.” Calling it critical, he added, “It’s a significant vulnerability.”Cyber security company Eye Security said that attacks likely began on July 18. and it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised.

How can hackers harm organisations impacted by the ‘Microsoft Sharepoint’ vulnerability

Security researchers warn that the exploit, reportedly known as “ToolShell,” is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.Google’s Threat Intelligence Group warned that the vulnerability may allow bad actors to “bypass future patching.”

CISA warning to companies impacted by Microsoft SharePoint hack

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting Microsoft SharePoint is “a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.” CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.