Microsoft SharePoint Under Attack: Zero-Day Bug Exploited
By Ainvest
Monday, July 21, 2025, 9:19 am ET, 1 min read
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day remote code execution (RCE) vulnerability affecting Microsoft SharePoint Server on-premises installations. This vulnerability, tracked as CVE-2025-53770, is actively being exploited by threat actors, posing a significant security risk to organizations running SharePoint infrastructure.
The vulnerability, stemming from a deserialization of untrusted data flaw within SharePoint Server environments, allows unauthorized attackers to execute arbitrary code remotely over a network connection. This type of vulnerability is particularly concerning because it can be exploited remotely without requiring authentication, depending on the specific configuration and exposure of the SharePoint server [1].
CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities catalog, with an extremely tight remediation deadline of July 21, 2025. Organizations are required to take immediate action, including enabling the Anti-Malware Scan Interface (AMSI) and deploying Microsoft Defender Antivirus on all SharePoint servers. For those unable to implement AMSI integration, CISA recommends disconnecting affected public-facing SharePoint products from internet access until official mitigations become available [1].
Microsoft has also issued customer guidance, urging users to upgrade to supported versions of SharePoint Server, apply the latest security updates, and ensure AMSI is turned on and configured correctly. The company is working on security updates for supported versions of SharePoint 2019 and SharePoint 2016 [2].
Organizations with public-facing SharePoint servers are at the highest risk, as these systems can be directly targeted from the internet without requiring initial network compromise. The CVSS 3.1 score for this vulnerability is 9.8 (Critical), indicating its severity [1].
In response to the active exploitation, CISA has provided specific mitigation guidance requiring organizations to configure AMSI integration within SharePoint environments and deploy Microsoft Defender Antivirus on all SharePoint servers. For organizations unable to implement AMSI integration, CISA recommends the more drastic measure of immediately disconnecting affected public-facing SharePoint products from internet access until official mitigations become available [1].
Federal agencies must comply with Binding Operational Directive BOD 22-01 guidance for cloud services, while organizations unable to implement adequate mitigations should consider discontinuing use of the affected products until comprehensive security updates are released.
References:
[1] https://cybersecuritynews.com/cisa-microsoft-sharepoint-server-0-day-rce/
[2] https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
A zero-day bug in Microsoft SharePoint is under widespread attack, with the U.S. federal government and cybersecurity researchers sounding the alarm. The bug, known as CVE-2025-53771, affects versions of SharePoint as old as 2016 and allows hackers to steal private digital keys, plant malware, and gain access to files and data. Microsoft is working on security fixes, but customers are urged to take immediate action, including disconnecting potentially affected systems from the internet.
