Hundreds of organizations globally have reported data breaches due to a vulnerability in older versions of Microsoft’s SharePoint, a file-sharing tool. This issue has been exacerbated as Microsoft shifts its focus to newer cloud offerings while older systems remain in use, leaving those institutions at risk.
Microsoft confirmed that multiple hacking groups, including those tied to China, have been exploiting this flaw in self-hosted versions of SharePoint. The exploit does not affect the newer, cloud-based editions that Microsoft urges customers to utilize. Significant targets include the United States National Nuclear Security Administration, which has suffered breaches linked to these vulnerabilities.
Older SharePoint servers are particularly appealing to hackers because they are often left exposed on the internet by organizations that neglect to allocate resources for their security. Even if a fix is available, users may ignore it. The situation worsened because Microsoft's recent patch, issued to correct a previously discovered flaw, was itself flawed, leaving even diligent users vulnerable. In response, Microsoft rushed to provide a stronger patch.
Microsoft supports SharePoint Server versions 2016 and 2019, but these will also reach "End of Support" in July 2026, while earlier versions are already out of support. SharePoint servers are increasingly viewed as a security risk, especially when they are publicly accessible.
Experts, including those from the Cybersecurity and Infrastructure Security Agency (CISA), recommend that organizations disconnect any public-facing SharePoint servers that have already reached their end-of-life. This guidance comes in light of the broader challenges presented by legacy software, as organizations that cling to outdated systems continue to expose themselves to potential breaches.
Despite assurances from the Department of Energy that sensitive data remained secure, the incident highlights the risks associated with legacy software. Organizations are advised to ensure that all systems, especially those connected to the internet, are regularly updated and monitored to mitigate security risks.
For more detailed information on the vulnerabilities involved and Microsoft's guidance, see the official Microsoft security alert and the CISA recommendations.