Microsoft contained a major SharePoint security flaw, amid fresh questions about the future of its legacy on-premises software.

Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, Bloomberg News reported on Friday.

Victims of the recent global hacking campaign include the National Institutes of Health and the National Nuclear Security Administration, officials said.

Microsoft confirms Chinese hackers exploited a SharePoint flaw; Patches now available. Cloud-based Microsoft 365 not affected.

Hackers have breached about 400 government agencies, corporations and other groups, according to estimates from Eye Security.

While organizations may have a variety of reasons for sticking with on-premises Microsoft SharePoint servers, widespread attacks targeting the servers are grounds to “re-do their risk calculus” and newly explore cloud-based options,

Microsoft Corporation (NASDAQ:MSFT) is one of the best 52-week high stocks to buy now. On July 21, the software giant released a patch for a vulnerability that affected the servers of the SharePoint document management software.

A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort, a timeline reviewed by Reuters shows.