Microsoft contained a major SharePoint security flaw, amid fresh questions about the future of its legacy on-premises software.

Microsoft is issuing an emergency fix to close off a vulnerability in Microsoft’s SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies.

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed another China-based threat actor,

Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

CISA gave agencies until the end of the day on Monday to mitigate a severe zero-day vulnerability in Microsoft's widely used SharePoint software.

Microsoft identified three China-based hacking groups targeting SharePoint vulnerabilities in the ongoing cyberattack, and urged customers to ensure they've applied security updates.

Governments, schools, healthcare providers and large enterprise firms are at risk, one cyber threat intelligence chief said.