Microsoft's SharePoint servers are under attack by unknown hackers, with thousands of companies worldwide potentially affected. The US Cybersecurity and Infrastructure Security Agency has confirmed the vulnerability allows hackers to access file systems and internal configurations and execute malicious code. Microsoft has released a security update and is working on further patches. Companies in the US, Netherlands, UK, and Canada are most at risk.
Microsoft has issued an alert about active attacks on server software used by government agencies and businesses to share documents within organizations. The vulnerabilities apply only to SharePoint servers hosted within organizations (on-premises), not to SharePoint Online in Microsoft 365, which runs in the cloud [1].
The attacks, known as zero-day exploits, target previously unknown vulnerabilities in SharePoint servers. This has led to the compromise of thousands of servers worldwide, with the U.S., Netherlands, UK, and Canada being the most affected regions [2]. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerability allows hackers to access file systems and internal configurations, as well as execute malicious code [3].
Microsoft has recommended that customers apply security updates immediately and is working on patches for the affected versions of SharePoint. The company has also advised customers to enable Antimalware Scan Interface (AMSI) integration and deploy Microsoft Defender Antivirus (Defender AV) on all SharePoint servers to mitigate the risk [2].
The attacks have been attributed to unidentified actors who have exploited a flaw in the SharePoint server software to launch remote code execution (RCE) attacks. These attacks can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization, or website [1].
The hack is a significant concern for businesses and government agencies, as it can lead to data breaches, financial losses, and reputational damage. Microsoft's response to the attack has been criticized for being slow and insufficient, with the company only issuing a security update after the attacks had already occurred [3].
The ongoing investigation into the attacks is expected to provide more information about the extent of the damage and the identity of the perpetrators. In the meantime, companies are advised to take immediate action to protect their SharePoint servers and mitigate the risk of further attacks.
References:
[1] Reuters. (2025, July 20). Microsoft alerts businesses, governments to server software attack. Retrieved from https://www.reuters.com/sustainability/boards-policy-regulation/microsoft-alerts-businesses-governments-server-software-attack-2025-07-21/
[2] BleepingComputer. (2025, July 18). Microsoft SharePoint zero-day exploited in RCE attacks - no patch available. Retrieved from https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
[3] The Washington Post. (2025, July 20). Hackers exploit major security flaw in Microsoft server software. Retrieved from https://www.washingtonpost.com/technology/2025/07/20/microsoft-sharepoint-hack/