The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information.

Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, VulnCheck’s Caitlin Condon said.

Despite serious alarm raised by officials, organizations have not applied the patch for Microsoft Exchange servers en masse.

The Departments of Energy, Homeland Security and Health and Human Services have been impacted.

Attackers have already used the exploit dubbed “ToolShell” to intrude hundreds of organizations globally, including private companies and government agencies.

The attacks are an example of how a file-sharing service can be abused to gather valuable information on a target.