Microsoft faces scrutiny after a critical vulnerability in its SharePoint server software – initially identified in May – was not fully fixed by a patch released last month, according to a report published by Reuters on Tuesday. Despite the company calling the bug a “critical vulnerability” and issuing an update on July 8, hackers appear to have since found a way to bypass it.
The Flaw That Slipped Through
British cybersecurity firm Sophos said on Monday that “threat actors subsequently developed exploits that appear to bypass these patches.” Consequently, these fresh exploits have now led to a global cyber espionage campaign that has reportedly affected an estimated 100 organisations, including governments worldwide and global businesses, so far.
Where It All Began
According to the report, the vulnerability was first revealed at a Trend Micro-hosted hacking contest in Berlin this May, where researchers earned rewards for finding dangerous software bugs. A researcher from Viettel, Vietnam’s military-owned telecom firm, discovered the SharePoint flaw – nicknamed ‘ToolShell’ and demonstrated how it could be exploited, the report further said.
According to Trend Micro’s ‘Zero Day’ Initiative on X, the researcher won $100,000 for the discovery.
The Suspected Culprit
Google’s cybersecurity team, meanwhile, has linked at least some of the attacks to a “China-nexus threat actor.” Beijing, for its part, has repeatedly denied involvement in hacking campaigns.
Thousands of Servers at Risk
Despite Microsoft’s patch, online scans show the bug may still be a ticking time bomb. Data estimates from Shodan cited by the news agency showed that more than 8,000 internet-connected SharePoint servers could be compromised. The Shadowserver Foundation, the report said, put the number slightly higher, at over 9,000 vulnerable servers.
Victims of the latest cybersecurity hack potentially include banks, healthcare firms, auditors, and government entities both in the US and internationally.
Microsoft hasn’t publicly commented on the failed patch or the nature of cyberattacks as of Tuesday.
ALSO READ: What Is A ‘Zero-Day’ Exploit? Microsoft SharePoint Hack Putting Govts at Risk | Explained
