Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows
A Microsoft spokesperson confirmed on Tuesday that its initial solution did not work. The spokesperson added that Microsoft had released further patches that fixed the issue. It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend and is expected to escalate as other hackers join the fray. Microsoft said in a blog post that two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the vulnerabilities, along with another China-based hacking group.
Microsoft and Alphabet's Google have said that China-linked hackers were likely behind the first wave of hacks. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations. In an emailed statement, the Chinese embassy in Washington said China opposes all forms of cyberattacks, and "smearing others without solid evidence." The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro, which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for "zero-day" exploits, which are called that because they leverage previously undisclosed digital weaknesses that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it "ToolShell" and demonstrated a method of exploiting it. The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative."
In a statement, Trend Micro said it was the responsibility of vendors participating in its competition to patch and disclose security flaws in "an effective and timely manner."
"Patches will occasionally fail. This has happened with SharePoint in the past," the statement said. Microsoft said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.
About 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers. "Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.
The pool of potential ToolShell targets remains vast.
According to data from Shodan, a search engine that helps identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum. It said most of those affected were in the United States and Germany, and the victims included government organisations. Germany's federal office for information security, BSI, said on Tuesday it had found SharePoint servers within government networks that were vulnerable to the ToolShell attack but none had been compromised.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Economic Times
21 minutes ago
- Economic Times
The Hundred looking to feed off IPL's 'phenomenal growth' after drawing Indian investment
The investment of four IPL owners into The Hundred will enable the England and Wales Cricket Board-backed event to grow rapidly and learn immensely from the skills possessed by the top minds working for the world's biggest T20 league. Out of the eight teams in the 100-ball competition, four will be partially owned by owners of Mumbai Indians, Sunrisers Hyderabad, Lucknow Super Giants and Delhi Capitals (only GMR group involved). After a long delay, the ECB finalised the deals with the IPL and other investors on Wednesday. Reliance Group, which will own 49 percent of the London-based Oval franchise, and Trent Rockets are yet to close agreements with the ECB. "It's brilliant. You look at what the IPL has done, forget cricket, in sport in general, the growth it's achieved in 18 short years. It's nothing short of phenomenal," said Vikram Banerji, Managing Director of The Hundred, in response to a PTI query on Thursday. "So the growth and the learnings, both on the field and off the field, that they can bring into this tournament, with the balance of the other investors that we've got from America and wherever else, I'm really excited about that side of things, about the skill sets that are now coming into English cricket," he said. The deal will take effect from 2026 season and the investors will take operation control of the franchise from October 1, 2025. Asked about the reason for the delay in closing the agreement with the Reliance-backed Oval franchise and Trent Rockets, Banerji said: "Right at the start we offered all the investors the opportunity to sign and close immediately whenever the legals were all done and have some involvement in this year. "On the whole, it's been run as it was, or close formally at the end of the season, early October, when they close formally, when they take operational control of the name of the brand. So those two chose that months ago. "With Trent Rockets, it's documents were signed and all the rest of it fully there. With the Oval Invincibles, there's three things left on their venue hire stuff that they're working through. They're small things, it'll be a matter of weeks, and that'll get signed out." Banerji and the rest of the stakeholders will soon have a meeting with the new investors for the tournament operations from 2026 onwards. Barring The Hundred, all leagues including the IPL are being played in the T20 format. Is there an inclination from the IPL owners to switch to the standard T20 format from the current 100-ball a side format? "I think you have to look at what works in this country. There have been some discussions around kind of it works elsewhere, but in this country, the format has provided us with some really interesting things, especially from a broadcast perspective in terms of the reach it's provided and that ability to create a new crowd. "At the moment, it's the 100 format, and that will remain for now. But let's see where we get to in a month," said Banerji, who added the participation of active Indian players remains off the card despite the IPL investment into the competition. Sitting alongside Banerji, ECB chief executive Richard Gould, was also asked about the participation of Pakistan players in The Hundred in light of Indian investment. No Pakistan player was picked in the 2025 draft for different reasons. Gould asserted the ECB will take action if the owners are found to be discriminatory in player selection irrespective of his nationality. "We would expect players of all nations to be selected for all teams. I haven't had the need to have any discussion at this point (with new investors)." So is the latest draft just a coincidence? "I don't, I don't know. But we have not had any discussions with the owners at this point. But, we've got very clear anti-discrimination policies within cricket in England. And if those are, if those are not adhered to, our cricket regulator will take action," said Gould. Now that the deals are done, the ECB expects the change in name of at least three teams backed by IPL team owners including Reliance, RPSG and GMR. The sale of stakes have catapulted the valuation of teams to over 975 million pounds with more than 500 million pounds set to be invested in English cricket.
Time of India
23 minutes ago
- Time of India
Google loses appeal over app store reforms in Epic Games case
Academy Empower your mind, elevate your skills Alphabet's Google on Thursday failed to persuade a US appeals panel to overturn a jury verdict and federal court order requiring the technology giant to revamp its app store San Francisco-based 9th US Circuit Court of Appeals rejected claims from Google that the trial judge made legal errors in the antitrust case that unfairly benefited "Fortnite" maker Epic Games, which filed the lawsuit in accused Google of monopolising how consumers access apps on Android devices and pay for transactions within apps. The Cary, North Carolina-based company convinced a San Francisco jury in 2023 that Google illegally stifled District Judge James Donato in San Francisco ordered Google in October to restore competition by allowing users to download rival app stores within its Play store and by making Play's app catalog available to those competitors, among other order was on hold pending the outcome of the 9th Circuit appeal. The court's decision can be appealed to the US Supreme told the appeals court that the tech company's Play store competes with Apple's App Store, and that Donato unfairly barred Google from making that point to contest Epic's antitrust tech giant also argued that a jury should never have heard Epic's lawsuit because it sought to enjoin Google's conduct - a request normally decided by a judge - and not collect has defended the verdict and court injunction, telling the 9th Circuit judges that the Android app market has been "suffering under anti-competitive behavior for the better part of a decade."In the trial court and in the appeal, Epic disputed arguments by Google that changes to its app business ordered by the court would harm user privacy and filed a brief backing Epic, as did the US Justice Department and Federal Trade separately is battling Apple over a US judge's order requiring the iPhone maker to give developers greater freedom to steer consumers to make purchases outside its App has appealed a ruling that said it violated a prior injunction in a lawsuit that Epic filed in 2020.
The Hindu
23 minutes ago
- The Hindu
Cholamandalam Investment and Finance Q1 net profit up 21%
Cholamandalam Investment and Finance Company Ltd.'s first quarter consolidated net profit rose 21% to ₹1,136 crore from ₹942 crore in the same period last year, even as the company's aggregate disbursements remained flat. The company's net income grew 27% to ₹ 3,864 crore in the April-June quarter 2025 from ₹ 3,033 crore in the comparable period last year. The financial services arm of the diversified conglomerate Murugappa Group said its Asset Under Management (AUM) grew 23% to ₹ 2,07,663 crore as of June 30, 2025. The Chennai-based company's aggregate disbursement in the first quarter of FY2025-26 was almost flat at ₹24,325 crore compared with ₹24,332 crore in the year-ago period. Vehicle finance disbursements grew 7% to ₹13,647 crore in April-June 2025 from ₹12,766 crore in the same period last year. Loan Against Property (LAP) business disbursements increased 21% to ₹ 4,705 crore in the first quarter of 2025-2026 from ₹3,874 crore in the comparable period last year. Home loans disbursement saw a marginal decline to ₹ 1,764 crore in the first quarter of FY26 from ₹ 1,778 crore last year. Small and Medium Enterprises Loan (SME) business disbursement declined to ₹ 1,705 crore in the April-June 2025 quarter from ₹2,160 crore in the comparable period, due to the conscious call to slow down certain low return on total assets products in this segment, the company said. Due to the company exiting the partnership business, consumer and small enterprise loans disbursement declined to ₹2,046 crore in first quarter of 2025-26 from ₹3,486 crore last year. Secured business and personal loan disbursement grew 34%to ₹359 crore in April-June 2025, from ₹268 crore in the comparable period last year, while newly launched gold loan business disbursed ₹100 crore. The capital adequacy ratio (CAR) of the company as of June 30, 2025, was at 19.96% as against the regulatory requirement of 15%.
