As with networking management software by SolarWinds, Microsoft's own products were then used to further the attacks on others, the people said.
It was not immediately clear how many Microsoft users were affected by the tainted products. The Department of Homeland Security, which said earlier Thursday that the hackers used multiple methods of entry, is continuing to investigate.
Microsoft did not immediately respond to a request for comment.