Major SharePoint Hack Exposes Critical Security Flaws at Microsoft
Once again, Microsoft finds itself in the spotlight for poor security practices. This time, a major vulnerability in SharePoint, one of its most popular collaboration tools, has led to a widespread and serious cyberattack. The hack has affected government agencies and businesses worldwide, making it one of the worst security breaches in Microsoft’s history.
SharePoint is used by many organizations to build websites, manage files, and enable teamwork. It also works closely with Outlook and Teams, so a breach here can have far-reaching consequences. The vulnerability affects only on-premises SharePoint servers; cloud-based versions remain safe. This distinction matters because many organizations still run SharePoint on their own local servers.
The scope of the attack is staggering. Tens of thousands of servers fell victim, including critical US government agencies. The National Institutes of Health and the National Nuclear Security Administration, which manages nuclear security and helps guard nuclear weapons, were among the targets. The NNSA’s role is vital, overseeing 5,000 nuclear warheads, preventing radiation leaks, and ensuring weapons don’t accidentally detonate. Other federal agencies like Homeland Security, Transportation Security Administration, Customs and Border Protection, and FEMA also experienced breaches.
This isn’t the first time Microsoft’s security has come under criticism. Experts and security firms have pointed out for years that Microsoft often fails to patch vulnerabilities quickly enough. In this case, even after Microsoft released patches, hackers managed to bypass them and gain access. Security firm Sophos reported that hackers had already infiltrated many networks before the patches could be fully effective, meaning the damage was already done in many cases.
Last year, the Department of Homeland Security published a report highlighting Microsoft’s security shortcomings. It detailed how poor security practices allowed Chinese spies to access the accounts of high-level US officials, including the Commerce Secretary and US ambassadors. The report called Microsoft’s security “inadequate” and said it needed a complete overhaul. Yet, a year later, little seemed to change.
So, how did the hack happen? According to CISA, the breach involved hackers installing a backdoor called “ToolShell” on compromised SharePoint servers. This gave them full control over shared files and systems. The backdoor also enabled remote command execution, allowing hackers to manipulate servers at will. An additional threat was the theft of server machine keys—the cryptographic keys the server uses to protect SharePoint data—which could be used for future attacks or to regain access later, even after the original vulnerability is patched.
Experts warn that patching the vulnerability alone isn’t enough. Organizations need to take extra steps, such as rotating these machine keys and restarting their servers’ IIS (Internet Information Services). Doing so can help prevent hackers from reusing stolen keys or maintaining persistent access. Microsoft linked the attack to groups believed to be associated with the Chinese government, including Linen Typhoon, Violet Typhoon, and Storm-2603. The last group reportedly used the breach to deploy ransomware, making the situation even more dangerous.
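The two remediation steps the article describes, rotating the machine keys and restarting IIS, as an added example that is not part of the original article; it assumes a SharePoint Server version that ships the Update-SPMachineKey cmdlet, and is run by a farm administrator on a farm server after the security update has been installed.

```powershell
# Added example, not from the article. Rotates the ASP.NET machine keys of
# every SharePoint web application and then restarts IIS, so that keys stolen
# before patching can no longer be used to forge requests or regain access.
# Assumes SharePoint Server 2019 / Subscription Edition with Update-SPMachineKey.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Include Central Administration: its keys are just as valuable to an attacker.
$webApps = Get-SPWebApplication -IncludeCentralAdministration

foreach ($wa in $webApps) {
    Write-Host "Rotating machine key for $($wa.Url)"
    # Generates a fresh validation/decryption key pair for this web application
    # and distributes it to the servers in the farm.
    Update-SPMachineKey -WebApplication $wa
}

# Restart IIS so running worker processes drop the old keys. Without this step
# a process that already loaded the stolen keys keeps honouring them.
iisreset.exe /noforce

Write-Host "Machine keys rotated on $($webApps.Count) web application(s); IIS restarted."
```

Run this on each SharePoint farm rather than on a single server, and rotate again if a later investigation shows the attacker still had access after the first rotation.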
Security advisors like Sunil Varkey from Beagle Security blame Microsoft for missing the larger picture. He points out that vulnerabilities are often interconnected, and ignoring that complexity makes attacks much worse. When multiple security flaws combine, they create a much larger threat.
Looking ahead, Microsoft’s reputation is on the line. In the past, congressional leaders questioned the company’s security practices after breaches involving top US officials. For example, senators asked the Pentagon to reconsider relying heavily on Microsoft products. Yet, nothing significant changed then. Today, there’s little political pressure on Microsoft to improve, partly because Congress seems preoccupied with other issues. Still, if a big political or military figure were affected again, it could prompt renewed scrutiny.
For now, Microsoft needs to act fast. The company must fix its security flaws, improve patching processes, and help organizations fully eliminate hacker access. Otherwise, it risks more damage and a lost reputation. As cyber threats grow more complex, companies like Microsoft can’t afford to fall behind on security. Customers and governments alike depend on reliable, secure software—something that’s clearly overdue for improvement.