The post Microsoft fails to issue a patch amid expanding breach appeared on BitcoinEthereumNews.com.

Hackers have launched a large-scale cyberattack exploiting a critical flaw in Microsoft’s widely used SharePoint Server software. According to state officials, the breach has compromised US federal and state government agencies, universities, energy companies, and even telecommunications infrastructure in Asia. The vulnerability lies in on-premises SharePoint servers—systems used internally to store and share documents—not in Microsoft’s cloud services like Microsoft 365, making them prime targets for attackers. The flaw is being called a “zero-day” vulnerability, a new software vulnerability for which Microsoft has yet to produce a patch. Organizations had zero days to prepare and opened up thousands of institutions to attack. According to security researchers, the hackers have penetrated systems in over 50 organizations, including multiple European government agencies, an energy company in a large US state, and a university in Brazil. In one eastern United States state, attackers took control of a trove of documents designated for public disclosure, then held it in limbo so the agency could not pull them back and remove them. Microsoft fails to issue a patch amid expanding breach The US Cybersecurity and Infrastructure Security Agency and cybersecurity authorities in Canada and Australia are actively investigating the breach. Microsoft has yet to release a patch for the SharePoint server vulnerability, forcing affected organizations to rely on temporary fixes—like adjusting server configurations or taking systems offline—to mitigate the risk. Microsoft confirmed the breach and posted an alert but said nothing publicly. The company has urged users to apply lockdown settings and remove exposed servers from the internet to mitigate exposure. The Center for Internet Security, which works with local governments around the US, said it sent warnings to about 100 possibly affected organizations, including public schools and universities. The reaction was also hampered by more recent cuts to funding, which have slashed threat intelligence…

---

Filed under: News - @ July 21, 2025 1:23 am