Microsoft Issues Urgent Fix for SharePoint Flaw Exploited by Hackers
By Ainvest
Tuesday, July 22, 2025, 12:20 am ET, 2 min read
Hackers are exploiting a serious flaw in SharePoint to attack companies and government servers. Microsoft has released an urgent fix and asked users to update their systems quickly. The vulnerability affects on-premise SharePoint servers and not the cloud-based SharePoint Online service. Cybersecurity experts have identified the exploit, dubbed "ToolShell", which can allow attackers full access to SharePoint file systems. Affected systems include Microsoft Teams and OneDrive.
A severe security flaw in Microsoft SharePoint servers has been actively exploited by hackers, prompting an urgent call to action from cybersecurity experts and Microsoft itself. The vulnerability, identified as CVE-2025-53770, allows attackers to remotely execute code on affected SharePoint servers without needing valid user credentials. This exploit, dubbed "ToolShell," has been confirmed to be in use by malicious actors, posing a significant risk to both corporate and governmental entities.
Eye Security, a leading cybersecurity firm, was the first to discover the vulnerability and alerted affected organizations. The company's research team identified the flaw and promptly notified stakeholders, enabling them to take immediate action to secure their systems. Microsoft has since confirmed the existence of the vulnerability and released emergency updates to address it. The company has advised users to apply these updates as soon as possible to mitigate the risk of further exploitation.
The vulnerability affects on-premise SharePoint servers and not the cloud-based SharePoint Online service. This means that organizations running SharePoint servers locally are particularly at risk. The flaw is classified as a critical zero-day vulnerability, indicating that it has been actively exploited before a patch was available. The exploit can be used to gain full access to SharePoint file systems, including Microsoft Teams and OneDrive, potentially leading to data breaches, ransomware attacks, and other malicious activities.
To protect against this vulnerability, Microsoft has issued specific guidance. Organizations are advised to configure Anti-Malware Scan Interface (AMSI) integration within their SharePoint environments and deploy Microsoft Defender Antivirus on all SharePoint servers. If AMSI cannot be enabled, affected public-facing SharePoint products should be disconnected from the internet until official mitigations are available. Federal agencies are required to follow the Binding Operational Directive BOD 22-01 guidance for cloud services, while other organizations may need to discontinue the use of affected products until comprehensive security updates are released.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an urgent warning about the vulnerability, highlighting its severity and the need for immediate action. CISA has set a tight remediation deadline of July 21, 2025, indicating the active exploitation of this vulnerability and the need for swift action.
Organizations are encouraged to review all relevant security updates and guidance published by Microsoft and CISA. They should also monitor for specific exploit patterns and anomalous behavior, update intrusion prevention systems, and implement comprehensive logging to identify and respond to exploitation activity. Minimizing layout and admin privileges is also recommended to further reduce the risk of unauthorized access.
In conclusion, the discovery of the CVE-2025-53770 vulnerability highlights the importance of maintaining robust cybersecurity measures and promptly applying security updates. Organizations should take immediate action to secure their SharePoint servers and protect against potential data breaches and other malicious activities.