LONDON (Reuters) -A security patch released by Microsoft last month failed to fully fix a critical flaw in U.S. tech giant's SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation.

Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant.

Following criticism of the company’s use of Chinese workers to advise on operation of Department of Defense cloud systems, Microsoft has changed its policy.

A report from ProPublica has claimed Microsoft is using these engineers to maintain the Department of Defense’s computer systems, with ‘minimal supervision by US personnel’.

The move comes after a ProPublica report highlighted a Microsoft program that allows foreign engineers to indirectly interact with U.S. military systems through American “escort” intermediaries.

Chinese workers are accompanied by US citizens functioning as 'digital escorts,' but the practice functions 'with little review,' according to a ProPublica investigation.

Microsoft has relied on engineers based in China for years to help maintain some of the U.S. Department of Defense’s

Following a Pro Publica report that Microsoft was using engineers in China to help maintain cloud computing systems for the U.S. Department of Defense, the company said it’s made changes to ensure this will no longer happen.

Defense Secretary Pete Hegseth says the DOD is "looking into" a Microsoft cloud program that used Chinese engineers after an investigative report raised concerns about CCP access.