Hackers in recent weeks have exploited flaws in SharePoint, a document management system developed by Microsoft Corp., to try to steal sensitive data from hundreds of victims.

Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access to certain SharePoint systems.

Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

LONDON >> A security patch released by Microsoft earlier this month failed to fully fix a critical flaw in the U.S. tech company’s SharePoint server software that had been identified at a hacking competition in May,

The incident has reportedly impacted the servers of federal agencies, schools, and energy companies. Some emergency patches have been deployed. On July 19, Microsoft alerted users that it was experiencing an active cyberattack on its SharePoint servers,

In the post, citing "expanded analysis and threat intelligence," Microsoft said a group it dubs "Storm-2603" is using the vulnerability to seed the ransomware, which typically works by paralyzing victims' networks until a digital currency payment is made.

A server vulnerability left unpatched by Microsoft has now escalated from espionage to ransomware, hitting hundreds of victims worldwide.

The cybersecurity vendor has also classified it as a high-severity, high-urgency threat, urging organizations running on-premises Microsoft SharePoint servers to apply the necessary patches with immediate effect, rotate all cryptographic material, and engage in incident response efforts.