Microsoft 365 Users Face Major Cyber Threat Due To SharePoint Software Holes
Microsoft users are under attack again, and this time the threat has escalated to a new level, with Coles and Telstra appearing to have already shut down their SharePoint cloud access in Australia.
Microsoft’s cloud infrastructure has again come under fire after a critical vulnerability in its SharePoint software, which is embedded in Microsoft 365, Outlook, Word, Excel, and other widely used apps, allowed hackers to breach networks across governments, corporations, and organisations worldwide, including in Australia, with apparent ease.
This time round the issue is not restricted to Outlook users, nor does it involve a Windows browser-based security bypass, and unlike the recent Windows authentication relay attack vulnerability, there is no patch, no magic update, to remedy this one.
This is bad news for Microsoft SharePoint Server users, as CVE-2025-53770 is currently under confirmed “mass attack” and on-premises servers across the world are being compromised, according to cyber security analysts.
Cybersecurity researchers say attackers exploited a flaw dubbed “ToolShell”, first disclosed in May at a Berlin security conference. Since then, threat actors have used the weakness to infiltrate systems and steal sensitive data — including login credentials, passwords, hash codes, and access tokens — despite Microsoft’s recent attempts to patch the problem.

Although Microsoft issued fixes in early July, attackers found alternative methods to exploit SharePoint, keeping major Australian enterprises and government agencies at risk. Over the weekend, Microsoft rushed out an emergency patch to address the escalating threat, but experts say the broader vulnerability remains.
Cybersecurity firms CrowdStrike Holdings and Google’s Mandiant Consulting told Bloomberg that the breach stems from flawed code and longstanding weaknesses in Microsoft’s security architecture, giving hackers easy entry points into vital systems.
Microsoft acknowledged ongoing issues, confirming that further patches are still being deployed after warnings that attackers were using the flaw to access file systems and run malicious code on vulnerable machines.
Australian organisations heavily reliant on SharePoint — including Coles, Telstra, Qantas, and multiple government agencies — are now in the firing line. Others using the platform for document management and team collaboration include Wine Australia and ATSICHS Brisbane. Even Adobe, a global software leader, is reported to rely on SharePoint internally.
Beyond Australia, the flaw has reportedly been used to infiltrate national government networks across Europe and the Middle East. In the U.S., it has impacted several agencies, including the Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly, according to media reports.
“This is a high-severity, high-urgency threat,” warned Michael Sikorski, CTO and head of threat intelligence at Palo Alto Networks’ Unit 42.
“What makes this especially dangerous is SharePoint’s deep integration with Microsoft’s ecosystem — Office, Teams, OneDrive, Outlook — it’s a direct path to an organisation’s crown jewels.”
The widespread use of SharePoint — estimated to be tens or even hundreds of thousands of global users — only amplifies the concern. Microsoft says attackers are primarily targeting organisations running on-premise SharePoint servers rather than those hosted in the cloud, which may reduce the scope of the threat. Still, analysts warn the implications are significant.
The Center for Internet Security, which coordinates cybersecurity intelligence for U.S. state and local governments, identified over 1,100 servers vulnerable to the flaw.
A Microsoft spokesperson declined to offer further comment beyond a previously issued statement.