The Microsoft SharePoint breach was massive. The response has been minimal

Fast Company

23-07-2025

It's not every day that U.S. nuclear facilities, the Department for Education, and governments across Europe and the Middle East are breached in a single hack. But then again, the vulnerability identified in Microsoft's document collaboration tool, SharePoint, this weekend isn't your ordinary issue. It has found a chink in the armor of one of the most widely used suites of software across the world. Microsoft holds a two-thirds market share in the business productivity space.
Microsoft disclosed the vulnerability in a blog post over the weekend, clarifying that the issue only affected on-premises SharePoint servers. These are locally hosted instances of the collaboration tool, rather than the more broadly used SharePoint Online system in Microsoft 365. The company rolled out updates to plug the hole in security, which it said customers 'should apply [. . .] immediately to ensure they are protected.'
Dozens of large organizations are known to have already been affected, including U.S. and international governments, and were hacked through the vulnerability. The breach has left some wondering why the reaction has been so muted, given the high-profile targets.
Darren Guccione, CEO and cofounder of Keeper Security, notes that although Microsoft 365's cloud-based services are unaffected, many critical sectors—including government, legal, and financial institutions—still depend on older or hybrid SharePoint setups. These systems, he says, often 'lack the visibility, access control and agility' needed to respond quickly with security updates.
Some cybersecurity experts say the response so far hasn't reflected the seriousness of the threat. Alan Woodward, a cybersecurity professor at the University of Surrey, points out that the issue impacts on-premise installations rather than Microsoft-hosted ones. As a result, he explains, Microsoft's role is limited to releasing a fix, leaving the rest up to organizations themselves. The company, he says, has essentially told users: 'Over to you if you operate and maintain your own servers' instance of SharePoint.' (Microsoft did not immediately respond to Fast Company 's request to comment.)
Those servers are often held offline because they are used to store sensitive data, including in the delivery of government services, which isn't trusted to be stored in cloud environments. 'The awkward part of the story is that there are still several hundred thousand share points on premises,' Woodward says. 'It could be a double-whammy if it's not handled properly.'
Woodward says he's been struck by the lack of urgency in the broader IT community's response—including from Microsoft itself. Given the severity of the vulnerability, he expected the company to be far more vocal in alerting its technical user base. Microsoft, he says, should have been 'shouting about it.' Meanwhile, both the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and U.K. National Cyber Security Center (NCSC) have issued warnings about the risks of the vulnerability.
Other experts are more sympathetic to Microsoft's situation. 'I have some sympathy for all parties here,' says Craig Clark, director of Clark & Company Information Services, a cybersecurity advisor. 'Threats are evolving at such a rate that it's almost impossible to keep up.'
Clark does admit that 'Microsoft needs to be more dynamic in how it issues its advisories and remember that many security teams are small and perhaps more needs to be done to keep people better informed,' he says. But the relationship goes both ways. 'For their part, security teams need the resources to ensure that patching is seen as more than just a nice to have,' he says.
One of Clark's key concerns is how quickly attackers are now able to weaponize newly discovered vulnerabilities—something he attributes to rapid advancements in technology, particularly AI. He warns that threat actors are increasingly leveraging these tools to accelerate attacks, which will likely make incidents like this more frequent. Microsoft has already confirmed that Chinese state-sponsored hackers have exploited the flaw.
Fixing the problem long-term will be more complex, experts say. Clark advises layering security measures, isolating critical systems, and automating patching wherever possible. Ultimately, he says, organizations 'need to move away from the patch when we can.' Still, what works in theory often falls short in practice—which is why such vulnerabilities continue to surface.