What happened? – Targeting authorities and companies
Security researchers are sounding the alarm: a newly discovered vulnerability in Microsoft SharePoint servers is currently the target of active cyber attacks (as of 21.07.2025). SharePoint is used worldwide as a platform for file and data exchange in organizations, authorities and educational institutions. According to initial reports, numerous companies and authorities have already been the target of such attacks. The FBI is also investigating in this context.
Attackers use “spoofing” techniques
The recently identified vulnerability affects SharePoint servers that companies host themselves. According to cyber experts, criminals have already been able to penetrate the IT infrastructures of numerous organizations, affecting both private companies and public sector institutions, as the Washington Post reported.
Microsoft has now confirmed the problem, described it in a blog post and made updates available. The company urgently advises its customers to install these security updates promptly. If this is not possible, servers should be disconnected from the internet as a precaution until a patch can be installed.
This type of vulnerability enables attacks through so-called “spoofing”. Here, hackers pose as legitimate users or internal systems and disguise their true identity in order to gain access to sensitive data.
Danger for passwords, data and digital keys
Only SharePoint servers hosted by companies themselves are affected. SharePoint Online within Microsoft 365 is not affected, according to Microsoft. The technology company is working closely with US authorities such as the Department of Defense Cyber Command to respond to the incidents.
Particularly critical: according to current expert assessments, the attackers are able not only to steal passwords and data but also to compromise digital keys. These keys enable them to regain access to the systems unnoticed even after the vulnerability has been closed.
The vulnerability discovered is considered “significant” by security experts. They warn of widespread attacks on “thousands” of servers and advise administrators to isolate their systems or take them offline until a patch has been installed.

Background of the perpetrators remains unclear
It is not yet known who is behind the current attacks. According to the Washington Post, the servers of two federal agencies in the USA have already been successfully compromised. The institutions involved have not yet been made public.
Act now and prevent data loss
The current incidents illustrate how important it is to store sensitive files and communication content in a permanently protected manner. In addition to technical protective measures such as security updates and the professional administration of SharePoint servers, the use of a dedicated document management system (DMS) is also recommended.
With our DMS windream, companies and authorities can archive all company-relevant files as well as chats from Microsoft Teams in an audit-proof manner and protect them from unauthorized access. Especially in the event of a cyberattack, this ensures that important communication and business data is stored in a traceable, structured and legally compliant manner. At the same time, central archiving supports the rapid recovery of information after an incident and strengthens the digital resilience of your organization.
Your advantages with windream for Microsoft Teams:
- Data protection compliance according to EU GDPR – also for private chats to protect the privacy of your employees.
- Audit-proof archiving for maximum protection and legally compliant filing.
- Independence from the Microsoft cloud, as all Teams data is stored autonomously in the windream system.
- Access to all documents and chats from Teams channels for authorized persons – directly in Microsoft Teams or in the windream DMS.
- Flexible expandability, e.g. to include digital file management within teams.