SharePoint Hacks Turn Up Heat on Microsoft's Cyber Overhaul
Advertisement
Battered by its role in several major hacks, the software giant in late 2023 vowed to overhaul its cybersecurity, in a project called the Secure Future Initiative. The April report noted significant advances, including fostering a 'security-first mindset' in employees and making strides in meeting engineering goals.
'Our progress will not be linear,' the report added.
It didn't take long to prove the company's point. On Tuesday, Microsoft accused three Chinese hacking groups, two tied to the government in Beijing, of exploiting flaws in SharePoint document management software as part of a global campaign that's targeted businesses and government agencies, including the US Department of Education.
Attackers have exploited the flaws since July 7, according to cybersecurity researchers.
The full extent of the damage isn't yet clear. The flaws apply to SharePoint customers who manage the software on their own networks, as opposed to on the cloud. That limits potential victims — though the number could still be significant given Microsoft's reach.
Advertisement
Roger Cressey, a former cybersecurity official under presidents Bill Clinton and George W. Bush, said errors at organizations as dominant as Microsoft have high stakes and changes are hard to make given its size.
'When you have one provider so omnipresent in our digital ecosystem, the blast radius of their mistakes is enormous,' said Cressey, a partner at Mountain Wave Ventures, whose clients include some Microsoft competitors. 'It's another reminder that Microsoft's failure on making security a priority is impacting our national and economic security.'
Microsoft quickly rolled out patches for the flaws, though it said in a blog post Tuesday that it had 'high confidence' that hackers would continue to use the flaws to attack unpatched SharePoint systems.
The intrusion is another public relations headache for a company trying to bolster its cyber defenses and reputation. Microsoft is the world's largest software vendor, making it a target for cyber-spies and criminals. It is also the biggest seller of cybersecurity products.
Advertisement
'As part of the Secure Future Initiative, we're focused on accelerating and strengthening our security incident response,' said Microsoft spokesman Frank Shaw. 'In this case, we acted quickly, delivering detailed customer guidance and releasing three new security updates within 72 hours to help protect against adversary attacks.'
There's little evidence that previous major cyberattacks tied to Microsoft have hurt the company's bottom line. Anurag Rana, a senior analyst at Bloomberg Intelligence, said it could even help Microsoft by convincing customers to move SharePoint to the tech giant's cloud, which he described as safer and cheaper in the long run.
What's less clear is what impact the latest breach will have on Microsoft's efforts to repair its cybersecurity credentials and appease long-term critics.
Advertisement
One of them, US Senator Ron Wyden, a Democrat from Oregon, said government agencies have become dependent on 'a company that not only doesn't care about security but is making billions of dollars selling premium cybersecurity services to address the flaws in its products.'
'Each hack caused by Microsoft's negligence results in increased government spending on Microsoft cybersecurity services,' Wyden said in a statement, when asked to respond to the SharePoint vulnerabilities. 'The government will never escape this cycle unless it stops rewarding Microsoft.'
In its April report, Microsoft described the Secure Future Initiative as an ambitious undertaking that would take years. For instance, out of 28 engineering objectives, five are nearing completion, 11 have made significant progress and Microsoft continues to work on the others.
Advertisement
'The threat landscape will continue to evolve, resulting in new vulnerabilities and security incidents,' according to the report. 'Technology will advance, creating new ways to improve security and new issues to address. Each of these is an opportunity to work with our customers and the industry to strengthen our collective defenses.'
--With assistance from Jake Bleiberg.
More stories like this are available on bloomberg.com
©2025 Bloomberg L.P.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
India.com
2 hours ago
- India.com
Bad news for employees of Ratan Tata's TCS, Satya Nadella's Microsoft, Intel as they plan to sack 50,000 employees due to...
Narayan Murthy and Late Ratan Tata- File image IT sector layoff: In a significant bad news for the global tech and IT sector and its millions of employees , three industry giants, Intel, Microsoft, and Tata Consultancy Services (TCS) have collectively announced over 50,000 job cuts in just one week. Readers should note that the massive layoffs wave mark one of the most significant employment disruptions in recent memory. Here are all the details you need to know about the massive layoff wave in the IT sector. Which IT jobs are under risk? Driven by the rapid adoption of artificial intelligence and shifting business priorities amid a broader push toward cost optimization, the major IT companies are taking the decision to reduce their workforce. The world already knows that Microsoft is planning to cut around 9,100 jobs globally, primarily targeting its Xbox, software, and cloud divisions as the company pivots more aggressively toward AI and flattens management structures. Which IT companies are firing on mass scale? Another major company, Intel, which is facing profitability pressures, is slashing over 5,000 roles across multiple US states as part of its strategy to become leaner and more agile. In another update, Ratan TCS, which is India's largest IT firm is trimming about 2% of its workforce, which may possibly impact more than 12,000 employees, especially at the mid- and senior levels, as automation. Why are IT companies doing mass-layoff? Experts say that these large-scale layoffs highlight a deeper structural shift across the tech industry, where AI is not just a tool but a trigger for disruption. As the IT companies are prioritizing more and more innovation and efficiency, traditional roles which were done by humans are rapidly being redefined or replacement.
Mint
2 hours ago
- Mint
Boeing Defense Workers Reject Contract in New Labor Turmoil
(Bloomberg) -- Boeing Co. faces the risk of a strike at its St. Louis defense hub after union workers rejected a contract offer that would boost their wages by 20% over four years. The International Association of Machinists and Aerospace Workers Local 837, which represents 3,200 Boeing defense workers in Missouri and Illinois, voted overwhelmingly against the new terms Sunday. The Boeing proposal 'fell short of addressing the priorities and sacrifices' of the company's skilled workforce, the union said in a statement. 'Our members are standing together to demand a contract that respects their work and ensures a secure future.' While the present contract expires at 11:59 p.m. Central Time on Sunday, management still has a chance to win over rank-and-file members by sweetening its offer during a seven-day 'cooling off' period. If that's unsuccessful, IAM Local 837 workers will walk off the job and shut down manufacturing in Boeing's military aircraft hub. The aerospace manufacturer is seeking to avoid another labor standoff after a strike by a Seattle-based Machinists union crippled manufacturing at its commercial jet factories for more than two months last year. Boeing could not be immediately reached for comment. Any labor strife would be costly for Boeing's defense division, which hasn't earned an annual profit since 2022 and is in the middle of a turnaround. A strike would shut down assembly lines for Boeing's F-15 and F/A-18 fighter jets, T-7A trainer, MQ-25 drone refueler and other weapons systems. The labor uncertainty will be a focus for analysts when Boeing reports quarterly earnings on Tuesday. It's also a bellwether as GE Aerospace launches contract negotiations with a separate IAM local on Sunday. St. Louis workers last went on strike in 1996 and don't have a history of activism, unlike Boeing's unions in the Pacific Northwest, according to Scott Mikus, an analyst with Melius Research. Union members initially rejected management's offer during the last negotiation with Boeing in 2022, before accepting a three-year deal with a 14% general wage increase and cost-of-living adjustments. While Puget Sound labor leaders endorsed Boeing's initial offer last year, they were rebuffed by rank-and-file members embittered by an earlier 10-year contract that stripped away pensions and locked in low wage increases while inflation soared. The lengthy strike squeezed the company's working capital and spurred Boeing to sell equity worth almost $24 billion. --With assistance from Bill Haubert. (Updates with comments from labor union in third paragraph, attempt to reach Boeing in fifth paragraph.) More stories like this are available on
Mint
2 hours ago
- Mint
TCS to lay off over 12,000 employees this year; mid, senior level staff to be impacted
New Delhi, Jul 27 (PTI) India's largest IT services firm, Tata Consultancy Services (TCS), is set to lay off about 2 per cent, or 12,261 employees, of its global workforce this year, with the majority of those impacted belonging to middle and senior grades. As of June 30, 2025, TCS's workforce stood at 6,13,069. It increased its workforce by 5,000 employees in the recently concluded April-June quarter. The move is part of the company's broader strategy to become a "future-ready organisation", focusing on investments in technology, AI deployment, market expansion, and workforce realignment, TCS said in a statement. "TCS is on a journey to become a Future-Ready organisation. This includes strategic initiatives on multiple fronts, including investing in new-tech areas, entering new markets, deploying AI at scale for our clients and ourselves, deepening our partnerships, creating next-gen infrastructure, and realigning our workforce model. "Towards this, a number of reskilling and redeployment initiatives have been underway. As part of this journey, we will also be releasing associates from the organisation whose deployment may not be feasible. This will impact about 2 per cent of our global workforce, primarily in the middle and the senior grades, over the course of the year," it said. TCS will provide appropriate benefits, outplacement, counselling, and support to the impacted employees, it added The move comes at a time when India's top IT services companies have delivered single-digit revenue growth in Q1FY26, capping off a somewhat-sobering June quarter as macroeconomic instability and geopolitical tensions weighed on global tech demand and delayed client decision-making. For TCS, the revenue rose 1.3 per cent year-on-year to ₹ 63,437 crore, bottomline improved 5.9 per cent to ₹ 12,760 crore in Q1FY26. TCS MD and Chief Executive K Krithivasan recently said the company is experiencing a "demand contraction" due to the continued uncertainties on the macroeconomic and geopolitical fronts, and added that he does not see a double-digit revenue growth in FY26. Krithivasan explained the delays in decision-making experienced in the preceding quarter have "intensified" now, and hoped for the discretionary spends - a prime mover of revenue growths for IT companies - would return once the uncertainties ebb. Microsoft, the second most valuable publicly listed company after Nvidia globally, has so far laid off over 15,000 employees in 2025, that is 7 per cent of the company's global workforce. In a memo to over 200,000 employees last week, Microsoft CEO Satya Nadella said the layoffs this year have been "weighing heavily" on him. "This is the enigma of success in an industry that has no franchise value,' he said in the memo to staff. He added: "Progress isn't linear. It's dynamic, sometimes dissonant, and always demanding. But it's also a new opportunity for us to shape, lead through, and have greater impact than ever before." According to - a platform that tracks global tech industry layoffs - over 80,000 tech workers have been laid off across 169 tech companies in 2025 alone. In 2024, that number stood at a staggering 1.5 lakh across 551 tech companies - the stark numbers coinciding as much with global macroeconomic woes as with deep debate in tech circles about the impact of AI on job roles, workforce, and employability.
