Sign In

Delhi News Daily

  • Home
  • Fashion
  • Business
  • World News
  • Technology
  • Sports
  • Politics
  • Lifestyle
  • Entertainment
Reading: Microsoft Knew of SharePoint Security Flaw, Timeline Shows – Delhi News Daily
Share

Delhi News Daily

Font ResizerAa
Search
Have an existing account? Sign In
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
Delhi News Daily > Blog > Technology > Microsoft Knew of SharePoint Security Flaw, Timeline Shows – Delhi News Daily
Technology

Microsoft Knew of SharePoint Security Flaw, Timeline Shows – Delhi News Daily

delhinewsdaily
Last updated: July 24, 2025 4:15 am
delhinewsdaily
Share
Microsoft Knew of SharePoint Security Flaw but Failed to Effectively Patch It, Timeline Shows
SHARE


A security patch Microsoft released this month failed to fully fix a critical flaw in the US tech giant’s SharePoint server software, opening the door to a sweeping global cyber espionage effort, a timeline reviewed by Reuters shows.

On Tuesday, a Microsoft spokesperson confirmed that its initial solution to the flaw, identified at a hacker competition in May, did not work, but added that it released further patches that resolved the issue.

It remains unclear who is behind the spy effort, which targeted about 100 organisations over the weekend, and is expected to spread as other hackers join the fray.

In a blog post Microsoft said two allegedly Chinese hacking groups, dubbed “Linen Typhoon” and “Violet Typhoon,” were exploiting the weaknesses, along with a third, also based in China.

Microsoft and Alphabet’s Google have said China-linked hackers were probably behind the first wave of hacks.

Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies such hacking operations.

In an emailed statement, its embassy in Washington said China opposed all forms of cyberattacks, and “smearing others without solid evidence.”

The vulnerability opening the way for the attack was first identified in May at a Berlin hacking competition organised by cybersecurity firm Trend Micro that offered cash bounties for finding computer bugs in popular software.

It offered a $100,000 prize for so-called “zero-day” exploits that leverage previously undisclosed digital weaknesses that could be used against SharePoint, Microsoft’s flagship document management and collaboration platform.

The US National Nuclear Security Administration, charged with maintaining and designing the nation’s cache of nuclear weapons, was among the agencies breached, Bloomberg News said on Tuesday, citing a person with knowledge of the matter.

No sensitive or classified information is known to have been compromised, it added.

The US Energy Department, the US Cybersecurity and Infrastructure Security Agency, and Microsoft did not immediately respond to Reuters’ requests for comment on the report.

A researcher for the cybersecurity arm of Viettel, a telecoms firm run by Vietnam’s military, identified a SharePoint bug at the May event, dubbed it “ToolShell” and demonstrated a way to exploit it.

The discovery won the researcher an award of $100,000, an X posting by Trend Micro’s “Zero Day Initiative” showed.

Participating vendors were responsible for patching and disclosing security flaws in “an effective and timely manner,” Trend Micro said in a statement.

“Patches will occasionally fail,” it added. “This has happened with SharePoint in the past.”

In a July 8 security update Microsoft said it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.

About 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers.

“Threat actors subsequently developed exploits that appear to bypass these patches,” British cybersecurity firm Sophos said in a blog post on Monday.

The pool of potential ToolShell targets remains vast.

Hackers could theoretically have already compromised more than 8,000 servers online, data from search engine Shodan, which helps identify internet-linked equipment, shows.

Such servers were in networks ranging from auditors, banks, healthcare companies and major industrial firms to U.S. state-level and international government bodies.

The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, cautioning that the figure is a minimum.

It said most of those affected were in the United States and Germany.

Germany’s federal office for information security, BSI, said on Tuesday it had found no compromised SharePoint servers in government networks, despite some being vulnerable to the ToolShell attack.

© Thomson Reuters 2025



Source link

Share This Article
Twitter Email Copy Link Print
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Previous Article Ozzy Osbourne’s Funeral Demand EXPOSED | No Tears, No Drama – His Final DEMAND – Delhi News Daily
Next Article News18 Next Vice President To Be From BJP, Final Call After PM Modi’s Return: Top NDA Sources – Delhi News Daily
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • States of emergency for New York & New Jersey; video shows subways swamped, flooded streets: Key points – Times of India – Delhi News Daily
  • ‘They have to pay a fair rate’: Trump hikes tariff on Canada from 25% to 35%; here’s why – Times of India – Delhi News Daily
  • Virginia mall scare: Man attempts to abduct 3-year-old; court records show history of violence – Times of India – Delhi News Daily
  • Flysbs Aviation IPO to open with strong buzz as GMP soars to 86% – Delhi News Daily
  • Trade war: ‘Major success’ or ‘factless turbulence’? Here’s how nations reacted to Trump’s new tariffs – Times of India – Delhi News Daily

Recent Comments

No comments to show.

You Might Also Like

Lenskart Will Use Snapdragon Chips in Upcoming Smart Glasses, Says CEO Peyush Bansal
Technology

Lenskart Will Use Snapdragon Chips in Upcoming Smart Glasses – Delhi News Daily

Lenskart is working on a new pair of smart glasses, co-founder and CEO Peyush Bansal announced at the Snapdragon for…

3 Min Read
NASA TEMPO Satellite to Continue Tracking Pollution Hourly from Space Until 2026
Technology

NASA TEMPO Satellite to Continue Tracking Pollution Hourly from Space Until 2026 – Delhi News Daily

The tropospheric mission of NASA was launched in 2023 to monitor pollution. It was abbreviated as TEMPO and has revolutionised…

3 Min Read
Amazon Prime Day Sale 2025: Best Deals on TWS Earphones Under Rs. 10,000 in India
Technology

Amazon Prime Day Sale 2025: Best Deals on TWS Earphones Under Rs. 10,000 – Delhi News Daily

Amazon Prime Day Sale 2025 has begun for users with Prime subscriptions. The sale, which went live at midnight July…

3 Min Read
Crystalline Ice Discovered in Space: New Study Reveals Hidden Order in Cosmic Ice
Technology

Crystalline Ice Discovered in Space: New Study Reveals Hidden Order in Cosmic Ice – Delhi News Daily

Water ice coats many outer solar system bodies – from Jupiter's icy moon Ganymede (above) to interstellar dust. On Earth,…

3 Min Read

Delhi News Daily

© Delhi News Daily Network.

Incognito Web Technologies

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?