A significant flaw in a widely used Microsoft product allowed multiple Chinese-linked hacking groups to breach dozens of organizations across the globe and at least two U.S. federal agencies.