
Microsoft Patch Failed to Fix SharePoint Flaw, Enabling Global Cyber Espionage

  • Writer: tech360.tv
  • Jul 23, 2025

A critical vulnerability in Microsoft’s SharePoint server software remained exploitable despite an initial patch, enabling a widespread cyber espionage campaign targeting around 100 organisations globally.



Microsoft confirmed that its first patch, released earlier this month, did not fully resolve the flaw. The company has since issued additional updates to address the issue.


The vulnerability, dubbed "ToolShell," was first discovered in May during a hacking competition in Berlin hosted by cybersecurity firm Trend Micro. A researcher from Viettel, a Vietnamese military-operated telecommunications firm, identified and demonstrated the exploit, earning a USD 100,000 prize.


Microsoft listed the flaw as a critical vulnerability in a July 8 update and released a patch. However, within 10 days, cybersecurity firms observed a surge in malicious activity targeting SharePoint servers.



British cybersecurity firm Sophos reported that threat actors developed exploits that bypassed Microsoft’s initial patch. Microsoft stated in a blog post that Chinese-linked hacking groups, including "Linen Typhoon" and "Violet Typhoon," were exploiting the flaw, along with another China-based group.


Both Microsoft and Google have attributed the first wave of attacks to China-linked hackers. The Chinese embassy in Washington denied involvement, stating that China opposes all forms of cyberattacks and criticising accusations made without solid evidence.


Trend Micro emphasised that vendors participating in its competition are responsible for patching and disclosing vulnerabilities effectively and promptly. The company noted that patch failures have occurred with SharePoint in the past.


According to internet search engine Shodan, more than 8,000 SharePoint servers could be vulnerable. The Shadowserver Foundation estimated over 9,000 potentially affected servers, primarily in the United States and Germany, including those operated by industrial firms, banks, healthcare providers, auditors, and government entities.


Germany’s federal cybersecurity agency, BSI, confirmed that vulnerable SharePoint servers were found within government networks but said none had been compromised.

  • Microsoft’s initial patch failed to fix a critical SharePoint flaw

  • The vulnerability, ToolShell, was discovered in May at a hacking contest

  • Chinese-linked hackers are exploiting the flaw in a global cyber campaign


Source: REUTERS
