Microsoft Breach Sparks Outrage: Another Zero-Day Disaster, Another Bill for the U.S.

A major cyberattack has struck Microsoft once again, this time targeting its widely used SharePoint Server platform. Hackers have exploited a critical flaw in on-premises SharePoint systems – those hosted internally by organizations – to access sensitive documents and networks. This zero-day vulnerability, as it’s called, left tens of thousands of servers around the world exposed, including those operated by U.S. federal and state agencies, universities, public schools, energy companies, and even foreign governments.

The term “zero-day” refers to a software flaw that is discovered and used by hackers before the software maker has had any time to fix it. Victims have no warning or opportunity to protect themselves. “Anybody who’s got a hosted SharePoint server has got a problem. It’s a significant vulnerability,” said Adam Meyers, a senior vice president at the cybersecurity firm CrowdStrike.

No Patch, No Protection

When the attack began, Microsoft had not yet issued a fix. It told customers to either unplug their SharePoint servers from the internet or apply a series of complicated settings changes. On Sunday, the company finally released a patch – but only for one version of the software. Two other versions remain unprotected. Meanwhile, hackers continue to exploit the gap.

“We are seeing attempts to exploit thousands of SharePoint servers globally before a patch is available,” said Pete Renals of Palo Alto Networks. His team has tracked dozens of compromised organizations in both the public and private sectors.

Once inside these servers, attackers can steal passwords, access private email systems like Outlook, and even move laterally into connected services like Teams and other core Microsoft platforms. According to Eye Security, a Netherlands-based research firm, the hackers may have gained access to cryptographic keys, which could let them reenter these systems even after updates are installed. As one unnamed researcher warned, “Pushing out a patch on Monday or Tuesday doesn’t help anybody who’s been compromised in the past 72 hours.”

Evidence of a Wider Problem

At least two U.S. federal agencies have been affected. In one eastern U.S. state, attackers hijacked a public document repository used to educate citizens about government operations. “We will need to make these documents available again in a different repository,” said one state official, who spoke anonymously.

The international scope of the breach is also alarming. Victims include a government agency in Spain, a local agency in Albuquerque, and a university in Brazil. In total, Eye Security has tracked more than 50 confirmed intrusions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) was alerted to the issue on a Friday and immediately contacted Microsoft.

Microsoft declined to comment further, offering little reassurance to those impacted. This silence has deepened frustration among cybersecurity experts and government officials, who accuse Microsoft of reacting too slowly and providing only partial fixes.

The China Connection

This incident comes just days after a separate scandal involving Microsoft’s use of engineers based in China to work on cloud systems for the U.S. Department of Defense. According to a ProPublica investigation, these China-based workers gave instructions to U.S. contractors known as “digital escorts,” who then implemented changes inside the Pentagon’s cloud networks with little oversight.

“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” said one digital escort interviewed by ProPublica.

Defense Secretary Pete Hegseth reacted strongly, saying, “Foreign engineers — from any country, including of course China — should NEVER be allowed to maintain or access DoD systems.” Microsoft quickly announced it would stop using China-based engineers for defense-related work, but critics say the damage may already be done.

Senator Tom Cotton, chair of the Senate Select Committee on Intelligence, wrote to Hegseth asking for details about contractors using Chinese personnel. “China poses one of the most aggressive and dangerous threats to the United States,” he said, citing the country’s past intrusions into U.S. infrastructure and supply chains.

A Long History of Security Failures

This is far from Microsoft’s first cybersecurity disaster. Over the past several years, the company has been at the center of multiple high-profile failures:

  • In 2021, hackers exploited four zero-day vulnerabilities in Microsoft Exchange servers, compromising over 250,000 systems worldwide. Around 30,000 of those were in the U.S. The economic damage from this single event likely reached into the tens of billions of dollars.
  • In 2017, the WannaCry ransomware attack used a Microsoft Windows flaw to spread globally, including to hospitals and transportation networks. The global cost was estimated at $4 billion, with a significant portion hitting U.S. institutions.
  • In 2024, a faulty CrowdStrike update, tied to the Windows ecosystem, crashed 8.5 million computers. Delta Air Lines alone reported a $500 million loss. Total U.S. business losses were estimated to be in the billions.
  • Microsoft was also blamed in 2023 for allowing Chinese hackers to access U.S. government email accounts, including those of Commerce Secretary Gina Raimondo. A U.S. government panel found serious lapses in Microsoft’s handling of cloud platform security.

These repeated failures raise the question: why does Microsoft continue to dominate government technology contracts despite such a troubling track record?

A Massive Economic Toll

Cybercrime now costs the global economy an estimated $9 trillion annually. In the United States, the average cost of a data breach in 2024 reached $9.36 million per incident. Microsoft, being the primary provider of enterprise operating systems and cloud platforms, plays a central role in many of these events.

While exact figures are difficult to calculate, the economic damage linked specifically to Microsoft’s security flaws in the U.S. alone is estimated to be between $50 billion and $100 billion in the last decade. That includes direct costs like ransom payments and remediation, as well as indirect losses such as lost productivity, regulatory fines, and reputational damage.

The Real Cost of Trusting Microsoft

The latest SharePoint breach is not just another unfortunate incident—it is part of a pattern. Microsoft continues to release software riddled with vulnerabilities. It issues narrow, incomplete patches. It uses foreign labor for sensitive national security projects. And it routinely downplays or delays its response when something goes wrong.

The impact of these failures goes beyond temporary disruptions. They put national security, public trust, and billions of taxpayer dollars at risk.

Once again, Microsoft has shown that it cannot be trusted to prioritize security. And once again, it is American institutions and businesses that are left paying the price.

FAM Editor: Interesting how the damage done by cybercrime far outstrips the value of Microsoft as a corporate entity.
