Microsoft fixes 2 SharePoint zero-days under attack
New York: Microsoft has released an urgent security fix to address a critical vulnerability in its widely used SharePoint software that hackers have exploited in attacks targeting businesses and some US government agencies.
Michael Sikorski, CTO and head of threat intelligence for Unit 42 at Palo Alto Networks, told SDxCentral that “on-prem SharePoint deployments – particularly within government, schools, and healthcare, including hospitals and large enterprise companies – are at immediate risk”.
The newly discovered flaw in Microsoft's SharePoint software has allowed hackers to target dozens of companies and organizations. Only a partial fix has been issued.
At least 85 servers worldwide have been compromised through a Microsoft service vulnerability that has been used to achieve remote code execution.
The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday updates.