Microsoft Knew About SharePoint Vulnerabilities But Failed to Patch Sufficiently

The problem in SharePoint, which allowed hackers to infiltrate more than 100 organisations, had been known to Microsoft for some time, but an initial solution could not resolve the issue.

The SharePoint vulnerabilities were first identified in May during a Trend Micro hacking competition in Berlin. There, a researcher from the cybersecurity branch of Viettel, a telecom operator owned by the Vietnamese army, identified a bug that was then dubbed ToolShell. The researcher won $100,000 for the effort.

Microsoft confirmed the timeline to Reuters, stating that an initial fix for the problems was unsuccessful. New patches have since been released to address the vulnerabilities.

Three Chinese hacker groups
Meanwhile, the software company names two Chinese hacker groups, “Linen Typhoon” and “Violet Typhoon,” as the parties that actively exploited the vulnerability. A third Chinese group is also said to be doing so.

Last Saturday, Microsoft released security updates for CVE-2025-53770 and CVE-2025-53771, the two vulnerabilities in SharePoint Server 2019 and SharePoint Server Subscription Edition. A fix is still being worked on for SharePoint Server 2016. Cloud versions (via Microsoft 365) are not affected.

When it was announced, Microsoft warned that the vulnerabilities were already being actively exploited. In the days that followed, it became clear that thousands of organisations were at risk, and at least a hundred were targeted by hackers last weekend.