WASHINGTON: Hackers exploited a security flaw in common Microsoft Corp software to breach governments, businesses and other organisations across the globe and steal sensitive information, according to officials and cybersecurity researchers.
Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software.
The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code.
The hackers, who so far have not been identified, have already used the flaw to break into the systems of national governments in Europe and the Middle East and to breach government agencies in states, including Florida, according to a source.
The person spoke on condition that they not be identified discussing the sensitive information.
Florida state representatives didn’t immediately respond to a request for comment.
The hackers also breached the systems of a US-based healthcare provider and targeted a public university in South-East Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News.
The report does not identify either entity by name but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the United Kingdom and the United States.
In some systems they have broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a source.
“This is a high-severity, high-urgency threat,” said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc.
“What makes this especially concerning is SharePoint’s deep integration with Microsoft’s platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,” he said.
“A compromise doesn’t stay contained – it opens the door to the entire network.”
Tens of thousands – if not hundreds of thousands – of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents.
Microsoft said that attackers are specifically targeting clients running SharePoint servers on their own on-premises networks, as opposed to servers hosted and managed by the technology firm.
That could limit the impact to a subsection of customers.
“It’s a dream for ransomware operators,” said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys.
He estimated that more than 10,000 companies with SharePoint servers were at risk.
The United States had the largest number of such firms, followed by the Netherlands, the United Kingdom and Canada, he said.
The breaches have drawn new scrutiny to Microsoft’s efforts to shore up its cybersecurity after a series of high-profile failures.
The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient.
The company’s tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company’s security culture as in need of urgent reforms. — Bloomberg
