A significant global cyberattack has exploited a security flaw in Microsoft SharePoint server software, affecting multiple U.S. federal and state agencies, universities, and businesses. Researchers estimate that tens of thousands of servers may be at risk, and Microsoft has yet to issue a patch for this vulnerability. According to CrowdStrike’s senior vice president Adam Meyers, “Anyone who’s got a hosted SharePoint server has got a problem,” highlighting the severity of the situation. The FBI is actively investigating the breaches, which have led to unauthorized access to sensitive data and potential password theft. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency noted that attackers have been targeting these servers globally, with at least two federal agencies reporting breaches. The nonprofit Center for Internet Security has alerted about 100 organizations, including public schools and universities, that may have been compromised.
Microsoft has acknowledged the issue, stating that it is preparing a comprehensive update to resolve the vulnerability. In a recent advisory, the company emphasized the importance of configuring Antimalware Scan Interface integration in SharePoint as a temporary measure.
The vulnerability was first identified by Eye Security on July 18, 2025, and has been linked to a combination of two bugs demonstrated at the Pwn2Own hacking contest earlier this year.
And while I’m on ransomware attacks, CRN spoke with Ingram Micro’s Sanjib Sahoo, president of Ingram’s global platform group, who emphasized the importance of operational efficiency during the recovery process. He noted that the attack affected Ingram Micro’s website, online ordering systems, and key platforms, yet they managed to restore global operations by July 10, and credited the capabilities of its Xvantage platform. The company took immediate action by shutting down its systems and collaborating with third-party cybersecurity experts to contain and remediate the situation within days.
Why do we care?
There’s a critical SharePoint vulnerability out there, and it’s bad. Federal agencies. Universities. Businesses. Actively exploited. And Microsoft? No patch yet. Their advice? Turn on Antimalware Scan Interface integration as a stopgap.
Here’s the deal: if your clients still have on-prem or hosted SharePoint servers, you’ve got work to do—today. But this isn’t just about triage. It’s about asking the bigger question: why are these workloads still sitting on-prem? If Microsoft can’t move fast enough to protect them, what makes your client think they can?
Now, let’s talk Ingram Micro. They’re celebrating how fast they recovered from ransomware—global operations back in days, thanks to their Xvantage platform. Sounds impressive, right? But hold up. Their communications during the outage? Terrible. No details on the ransomware strain. No clarity on data exposure. And now they want a victory lap? That feels a little… disingenuous. Xvantage’s strength is its platformization, was it also part of what failed?
Here’s the punchline for IT services leaders: you can’t assume your suppliers are bulletproof. Vendor resilience is your risk too, and how much of that financial risk do they really share with you?