Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

A major security vulnerability in Microsoft's widely used Sharepoint server software has been exploited by hackers, causing chaos within businesses and government agencies.

The incident has reportedly impacted the servers of federal agencies, schools, and energy companies. Some emergency patches have been deployed. On July 19, Microsoft alerted users that it was experiencing an active cyberattack on its SharePoint servers,

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

While organizations may have a variety of reasons for sticking with on-premises Microsoft SharePoint servers, widespread attacks targeting the servers are grounds to “re-do their risk calculus” and newly explore cloud-based options,

Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems