If your organization runs anything on Windows Server, you might want to pause that coffee break. Microsoft has just sounded the alarm on a critical vulnerability, and hackers are already exploiting it. We are not talking about some minor glitch. This is a flaw in Windows Internet Information Services (IIS), Microsoft’s web server tool used by businesses, governments, and pretty much any organization that hosts web apps or sites on Windows.
In simple terms? Hackers can break in remotely, without needing a username or password. It’s like leaving the front door of your server open with a neon “Welcome!” sign. Microsoft has labelled this a critical vulnerability, meaning it is serious enough to allow full control of affected systems.
So, what’s happening?
Hackers, likely advanced ones, are already actively exploiting this flaw in the wild. Microsoft has not confirmed exactly who is behind it, but said the attack shows signs of being part of a “limited targeted campaign.” That’s code for: this isn’t random. Somebody knew what they were doing. Reuters reports that Microsoft warned both governments and private companies after spotting these attacks in real time.
Did Microsoft fix it?
Yes. The fix was part of July’s Patch Tuesday update, which dropped earlier this month. But here’s the catch: many systems haven’t been patched yet, and that’s exactly what hackers are counting on. See the full July 2025 update release from Microsoft. If you’re still dragging your feet on updates, now would be a fantastic time to prioritize that security patch.
What to do:
- Install the latest July security update: it contains the fix for this exact vulnerability.
- Run a check for compromise: Microsoft shared some technical guidance and indicators to help teams spot if they’ve been hit.
- Stop postponing updates. Seriously. The “remind me later” button could cost you.
This is not the first time…
Microsoft has had to deal with similar zero-day exploits in the past, most recently with Exchange Server hacks and PrintNightmare, where attackers pounced before patches were fully rolled out. The lesson? Patching is prevention.