Microsoft puts older versions of SharePoint on lifetime support. Hackers are exploiting
Hundreds of organizations The world suffered a data breach this week as a series of hackers rush to exploit the vulnerability recently discovered by older versions of Microsoft file sharing tools called SharePoint. A series of violations add to an already urgent and complex dynamic: Long-term SharePoint users can face increased risk organizations by continuing to use the service, just as Microsoft is ending support for the platform to support updated cloud products.
Microsoft said Tuesday that among other participants it has seen multiple hacker groups linked to China exploit the flaw, which are particularly present in older SharePoints, which are self-hosted by organizations. It won’t affect the new, cloud-based SharePoint version that Microsoft has encouraged customers to adopt over the years. Bloomberg reported for the first time Wednesday that one of the victims was the National Nuclear Safety Administration, which oversees and maintains U.S. nuclear weapons.
“On-local” or self-managed SharePoint servers are popular targets for hackers, because organizations often set them up to expose them on the public internet and then forget them or don’t want to allocate their budgets to replace them. Even with fixes, the owner may ignore applying them. However, this is not the case, which caused the tide of attacks this week. While this is related to the previous SharePoint vulnerability discovered in the PWN2OWN hacking contest in Berlin in May, the patch released earlier this month was flawed in itself, meaning even organizations that were doing security and hard-working are caught. Microsoft scrambles to release fixes for fixes this week, or what the company calls “more powerful protection” in its security alerts.
“At Microsoft, our commitment – composed of security future initiatives – is to meet with their customers,” a Microsoft spokesperson said in an emailed statement. “This means supporting organizations that are adopting the entire cloud, including those that manage on-premises systems.”
Microsoft still supports SharePoint Server versions 2016 and 2019, with security updates and other fixes, but both will reach what Microsoft calls “termination support” on July 14, 2026. SharePointServer 2013 and earlier have reached the end of life and have only received the most critical security updates called “SharePoint Server Server Server Sibscription Edition”. As a result, all SharePoint server versions are increasingly becoming part of the digital backs, where the convenience of continuing to run the software poses huge risks and potential user risks, especially when the SharePoint server sits on the Internet.
“Several years ago, Microsoft positioned SharePoint as a safer alternative to old schools’ window file sharing tool, so that’s why organizations like government agencies invest in organizations that build these servers. Now, they just don’t have an extra fee, and Microsoft 365 subscriptions involving subscriptions compared to Microsoft 365 subscriptions in the cloud. “So Microsoft is trying to drive retention by charging extended support.” However, if you present SharePoint Server to the Internet, I would emphasize that you also have to budget for the incident response, as the server will eventually be popped up. ”
