Microsoft Places Older SharePoint Versions on Life Support, Leaving Them Vulnerable to Hackers

Numerous organizations globally experienced data breaches this week, following the exploitation of a recently discovered vulnerability in older versions of Microsoft’s SharePoint file-sharing platform. This wave of attacks further complicates the cybersecurity landscape for institutions that have relied on SharePoint, as they face heightened risk while Microsoft shifts its focus towards newer cloud offerings, gradually discontinuing support for older platforms.

According to Microsoft, various hacking groups, including several linked to China, have taken advantage of this security flaw, which specifically affects on-premises versions of SharePoint that organizations maintain themselves. Fortunately, this vulnerability does not extend to the newer, cloud-based iterations of SharePoint that Microsoft has been recommending for years. Reports indicated that one notable victim of this breach is the United States National Nuclear Security Administration, which is responsible for overseeing U.S. nuclear arsenals.

On-premises SharePoint servers represent an attractive target for cybercriminals, primarily because many organizations inadvertently expose them to the open internet without sufficient security measures. It is not uncommon for these organizations to neglect timely updates or fail to budget for necessary upgrades. This recent vulnerability echoes a prior flaw identified during the Pwn2Own hacking competition in Berlin. While a patch was released earlier this month, it has been criticized as ineffective, leading Microsoft to issue a secondary fix described as “more robust protections” to mitigate the fallout from this oversight.

A Microsoft representative emphasized the company’s commitment to supporting its customers through its Secure Future Initiative, which seeks to address the needs of organizations managing both cloud-based and on-premises systems. While Microsoft currently provides security updates for SharePoint Server versions 2016 and 2019, both of these versions are scheduled to reach their “End of Support” phase on July 14, 2026. SharePoint Server 2013 and earlier versions are already out of support, receiving only critical updates through a paid service known as SharePoint Server Subscription Edition.

The precarious position of SharePoint servers highlights the risks associated with maintaining legacy systems. Organizations may find themselves in a predicament where the convenience of operating familiar software is outweighed by significant security vulnerabilities, especially when these servers are accessible via the internet. As Jake Williams, an incident responder and vice president of research and development at Hunter Strategy, notes, organizations that opted for SharePoint due to its early promises of security are now facing unintended consequences.

In these incidents, various tactics from the MITRE ATT&CK framework could have been employed. Initial access was likely gained through the exploitation of unpatched vulnerabilities, and once inside, the attackers may have used techniques to escalate privileges and establish persistence within the system. Organizations are increasingly required to consider not only the operational costs of continuing to use outdated systems but also the financial implications of incident response when a breach occurs.

The troubling reality is that organizations exposed to the internet without adequate protective measures are inviting cyber incidents. As the cybersecurity landscape continues to evolve, it remains imperative for businesses to reevaluate their legacy systems and ensure they adopt the latest security protocols to protect sensitive data effectively.
