A botched security patch by Microsoft has left its widely-used SharePoint Server exposed to a critical vulnerability—fueling a wave of cyber espionage attempts that have already affected nearly 100 organisations globally, including high-value US government systems.

In response to a question regarding Microsoft server software allegedly being targeted by large-scale "cyber espionage activities," Guo Jiakun, a spokesperson of Chinese Foreign Ministry said on Wednesday that he was not aware of the specific situation mentioned.

After a ProPublica investigation raised security concerns, Microsoft will cease using China-based engineers for work on sensitive Pentagon cloud computing systems.

Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days.

A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort, a timeline reviewed by Reuters shows.

The move comes after a ProPublica report highlighted a Microsoft program that allows foreign engineers to indirectly interact with U.S. military systems through American “escort” intermediaries.

The change follows a ProPublica report that outlined how Microsoft’s use of Chinese engineers left U.S. defense clients vulnerable to cybersecurity risks.

Microsoft has used engineers based in China to support highly sensitive US Defence Department cloud systems via a model called "digital escorting", a ProPublica investigation has revealed. American workers with security clearance input commands written by foreign engineers,