State CISOs in North Carolina and Arizona said their teams began work immediately to ensure on-prem SharePoint systems were secure, following the recent disclosure of an active zero-day exploit.

Dubbed a “zero-day” because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organisations.

A major cyberespionage operation targeting Microsoft's SharePoint server software has compromised about 100 organizations worldwide. The operation exploits a zero-day vulnerability, allowing hackers to install backdoors on affected servers.

Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers.