Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

Hundreds of organizations around the world have suffered data breaches this week as a range of hackers rushed to exploit a recently discovered vulnerability in older versions of the Microsoft file sharing tool known as SharePoint. The string of breaches adds to an already urgent and complex dynamic: institutions that are long-standing SharePoint users can face increased risk by continuing to use the service, just as Microsoft removes support for the platform in favor of newer cloud offerings.
Microsoft said on Tuesday that, in addition to other actors, it has seen several hacking groups linked to China exploiting the flaw, which is specifically present in older versions of SharePoint that are self-hosted by organizations. The flaw does not affect the newer cloud-based version of SharePoint that Microsoft has encouraged customers to adopt for many years. Bloomberg first reported on Wednesday that one of the victims is the National Nuclear Security Administration of the United States, which oversees and maintains American nuclear weapons.
Self-hosted or self-managed SharePoint servers are a popular target for hackers, because organizations have often configured them in such a way that they are exposed on the open Internet and then forget about them or do not want to allocate the budget to replace them. Even if fixes are available, the owner may neglect to apply them. This is not the case, however, with the bug that sparked the wave of attacks this week. Although it relates to a previous SharePoint vulnerability discovered during the Pwn2Own hacking competition in Berlin in May, the patch that Microsoft published earlier this month was itself defective, which means that even organizations that had done their security due diligence were caught out. Microsoft rushed this week to publish a fix for the fix, or what the company described as “more robust protections” in its security alert.
“At Microsoft, our commitment, anchored in the Secure Future Initiative, is to meet customers where they are,” a Microsoft spokesperson said in a statement sent by email. “This means supporting organizations through the complete spectrum of cloud adoption, including those that managed local systems.”
Microsoft still supports the SharePoint Server 2016 and 2019 versions with security updates and other fixes, but both will reach what Microsoft calls “end of support” on July 14, 2026. SharePoint Server 2013 and earlier have already reached the end of life and only receive the most critical updates via a paid service edition. Consequently, all versions of SharePoint Server are increasingly in a position where the convenience of continuing to run the software carries significant risk and potential exposure for users, especially when SharePoint servers are exposed on the Internet.
“Years ago, Microsoft positioned SharePoint as a more secure replacement for old-fashioned Windows file sharing tools, which is why organizations and government agencies have invested in the creation of these servers. And now, they do not make an additional cost, compared to a Microsoft 365 subscription in the cloud which involves an under-conception,” said Jake Williams, a long-standing incident responder who is vice president of research and development at Hunter Strategy. “So, Microsoft tries to push the retained by invoicing prolonged support. But if you expose a SharePoint server to the Internet, I would emphasize that you must also budget for incident response, because this server will ultimately be dismissed.”




