{"id":5176,"date":"2025-07-24T07:21:59","date_gmt":"2025-07-24T07:21:59","guid":{"rendered":"https:\/\/prepsaret.com\/news\/?p=5176"},"modified":"2025-07-24T07:21:59","modified_gmt":"2025-07-24T07:21:59","slug":"microsoft-aware-of-sharepoint-vulnerability-but-initial-fix-proved-ineffective-timeline-reveals","status":"publish","type":"post","link":"https:\/\/prepsaret.com\/news\/microsoft-aware-of-sharepoint-vulnerability-but-initial-fix-proved-ineffective-timeline-reveals\/","title":{"rendered":"Microsoft Aware of SharePoint Vulnerability but Initial Fix Proved Ineffective, Timeline Reveals"},"content":{"rendered":"

A recent cybersecurity incident has revealed that a fix released by Microsoft earlier this month failed to effectively address a serious security flaw in its widely used SharePoint server software.\u00a0<\/span><\/p>\n

This shortcoming has reportedly led to a wave of cyber espionage attacks worldwide, according to a timeline reviewed by <\/span>Reuters<\/span><\/i>.<\/span><\/p>\n

Microsoft acknowledged on Tuesday that its initial update, meant to correct a vulnerability exposed during a May hacker competition, was unsuccessful. A spokesperson confirmed that the issue has now been resolved with additional patches.\u00a0<\/span><\/p>\n

Despite this, the identity of the perpetrators behind the sweeping attacks, which have already affected around 100 organizations, remains unknown. Experts warn that the campaign may widen as more hackers exploit the opening.<\/span><\/p>\n

Related story:<\/b> Microsoft Warns of Active Cyberattacks on SharePoint Servers, Urges Immediate Security Updates<\/span><\/a><\/p>\n

Suspected State-Linked Groups Exploit the Gap<\/b><\/h2>\n

In a blog post, Microsoft attributed the exploitation to three groups, including “Linen Typhoon” and “Violet Typhoon”\u2014both believed to have ties to China. Google, alongside <\/span>Microsoft<\/span><\/a>, also pointed to China-linked hackers as likely initiators of the attack wave.<\/span><\/p>\n

Chinese government-affiliated entities are frequently linked to <\/span>cyber intrusions<\/span><\/a>. However, Beijing consistently denies these allegations.\u00a0<\/span><\/p>\n

The Chinese Embassy in Washington responded via email, stating that China “opposed all forms of cyberattacks” and criticized what it called “smearing others without solid evidence.”<\/span><\/p>\n

The flaw was first uncovered in May during a competition in Berlin hosted by cybersecurity firm Trend Micro.\u00a0<\/span><\/p>\n

The event rewarded participants who discovered unreported vulnerabilities, with a $100,000 prize for identifying issues in Microsoft SharePoint.\u00a0<\/span><\/p>\n

One researcher from Viettel, a Vietnamese military-run telecom, presented a successful exploit dubbed “ToolShell” and received the award, according to Trend Micro\u2019s Zero Day Initiative.<\/span><\/p>\n

National Security Implications and Rising Concerns<\/b><\/h2>\n

Bloomberg News reported that the <\/span>U.S. National Nuclear Security Administration<\/span><\/a>, responsible for safeguarding the country\u2019s nuclear arsenal, was among the targets. However, no classified data was believed to be compromised.<\/span><\/p>\n

Following the identification of the flaw, Microsoft listed it as critical in a July 8 update. But within days, cybersecurity firms began to see malicious activity directed at SharePoint servers. Sophos noted that hackers had developed methods to circumvent Microsoft\u2019s patch.<\/span><\/p>\n

Data from the internet-scanning tool Shodan indicated that more than 8,000 servers could be exposed, with systems linked to banks, health providers, industrial firms, and government agencies potentially at risk.\u00a0<\/span><\/p>\n

The Shadowserver Foundation, which monitors online threats, estimated the number of vulnerable servers at over 9,000, mostly located in the U.S. and Germany.<\/span><\/p>\n

Germany\u2019s federal cybersecurity office, BSI, said it had found no evidence of compromised government systems, although several were susceptible to the ToolShell vulnerability.<\/span><\/p>\n

Read next:<\/b> Amazon\u2019s AWS Cuts Hundreds of Jobs Amid AI Restructuring Push<\/span><\/a><\/p>\n

Looking to take your career to the next level?<\/b><\/p>\n

Explore our range of certification prep tools designed to enhance your skills, strengthen your resource management know-how, and keep you competitive in your profession:<\/span><\/p>\n