Massive hacker attacks have hit Microsoft Corp.’s server software with cybersecurity analysts warning of widespread security breaches around the world.

The Redmond, Washington-based software company said it has released a new security patch for its customers to install on their SharePoint servers “in order to mitigate active attacks targeting local servers,” adding that it is working on releasing other patches.

The U.S. Cybersecurity and Infrastructure Security Administration (CISA) said it is aware of the vulnerability, which allows hackers to gain access to the systems’ files and internal settings, as well as execute code over the network.

Cybersecurity firms have warned that a large number of organizations worldwide could be affected by the breach, with Silas Cutler, a researcher at Michigan-based Censys, estimating that more than 10,000 organizations with SharePoint servers are at risk. The US has the largest number of those organizations, followed by the Netherlands, the UK and Canada, he said.

“It’s the best thing for extortionists via ransomware, and many hackers will be hard at work this weekend,” he added.

Palo Alto Networks Inc. warned that “these attacks are real, are already underway and pose a serious threat.” The Google Threat Intelligence team said in an emailed statement that it has identified hackers exploiting this vulnerability, adding that it allows “persistent, unauthorized access and presents a significant risk to affected organizations.”

The Washington Post reported that the breach has affected US federal and state agencies, universities, energy companies and a telecommunications company in Asia, citing government officials and private investigators.

Microsoft has faced a series of cyberattacks recently and had warned in March that Chinese hackers were targeting remote management tools and cloud applications to spy on companies and organizations in the U.S. and abroad.

The Cyber Safety Review Board, a group set up by the White House to review major cyberattacks, had said last year that Microsoft’s security culture was “inadequate” following the major breach of Exchange Online mailboxes in 2023. In that incident, hackers managed to breach 22 organisations and hundreds of individuals, including former US Commerce Secretary Gina Raymondo.