Microsoft contained a major SharePoint security flaw, amid fresh questions about the future of its legacy on-premises software.

New estimates regarding the recently-exploited Microsoft SharePoint vulnerabilities now evaluate that as many as 400 organizations may have been targeted.

A critical vulnerability in on-premise SharePoint servers allowed state-backed hackers to breach governments and institutions worldwide. Experts are questioning why more hasn't been done or said.

One of the hacked organizations reportedly includes the U.S. agency responsible for maintaining the country's stockpile of nuclear weapons. China-backed hackers have been observed carrying out the hacks targeting SharePoint servers.

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Victims of the recent global hacking campaign include the National Institutes of Health and the National Nuclear Security Administration, officials said.

The name was coined by Dinh Ho Anh, a researcher from Khoa of Viettel Cyber Security, who developed the exploit. The researcher said he picked the name because it exploited ToolPane.aspx, a component for assembling the side panel view in the SharePoint user interface.