Microsoft Warns of Widespread Cyberattack Targeting SharePoint Server Software
PorAinvest
martes, 22 de julio de 2025, 9:44 am ET1 min de lectura
MSFT--
The vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, were disclosed by Microsoft on July 20, 2025. CVE-2025-53770 allows for remote code execution by exploiting a deserialization flaw in on-premises versions of SharePoint Server, while CVE-2025-53771 involves a spoofing vulnerability [1]. These flaws have been linked to a larger exploit chain, referred to as ToolShell, which has been patched as part of the company's July 2025 Patch Tuesday update [2].
Microsoft has acknowledged that these vulnerabilities have been actively exploited, with at least 54 organizations, including banks, universities, and government entities, already compromised. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53770 to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 21, 2025 [3]. Palo Alto Networks Unit 42 has classified the threat as high-severity and high-urgency, urging organizations to apply the necessary patches immediately [1].
To mitigate potential attacks, Microsoft recommends using supported versions of on-premises SharePoint Server, applying the latest security updates, ensuring the Antimalware Scan Interface (AMSI) is turned on and enabled in Full Mode, deploying Microsoft Defender for Endpoint protection, and rotating SharePoint Server ASP.NET machine keys [1]. The company also advises customers to unplug their SharePoint servers from the internet until a patch is available, as a false sense of security could result in prolonged exposure and widespread compromise [1].
The development comes as federal cybersecurity authorities, including the US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security, are working closely with Microsoft to address the issue. The FBI has confirmed it is aware of the attacks and is coordinating with federal and private sector partners [2].
References:
[1] https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html
[2] https://dallasexpress.com/business-markets/microsoft-warns-of-cyberattacks-exploiting-sharepoint-server-flaw/
[3] https://www.uctoday.com/unified-communications/microsoft-sharepoint-servers-under-attack-key-takeaways-to-stay-secure/
PANW--
Microsoft has warned of widespread cyberattacks targeting its SharePoint server software, used by government agencies and businesses to share documents. The company has issued a security patch and urged customers to install it to mitigate the attacks. The attacks are targeting on-premises servers and Microsoft is advising customers to apply the patch as soon as possible.
Microsoft has warned of widespread cyberattacks targeting its SharePoint server software, used by government agencies and businesses to share documents. The company has issued a security patch and urged customers to install it to mitigate the attacks. The attacks are targeting on-premises servers and Microsoft is advising customers to apply the patch as soon as possible.The vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, were disclosed by Microsoft on July 20, 2025. CVE-2025-53770 allows for remote code execution by exploiting a deserialization flaw in on-premises versions of SharePoint Server, while CVE-2025-53771 involves a spoofing vulnerability [1]. These flaws have been linked to a larger exploit chain, referred to as ToolShell, which has been patched as part of the company's July 2025 Patch Tuesday update [2].
Microsoft has acknowledged that these vulnerabilities have been actively exploited, with at least 54 organizations, including banks, universities, and government entities, already compromised. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53770 to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 21, 2025 [3]. Palo Alto Networks Unit 42 has classified the threat as high-severity and high-urgency, urging organizations to apply the necessary patches immediately [1].
To mitigate potential attacks, Microsoft recommends using supported versions of on-premises SharePoint Server, applying the latest security updates, ensuring the Antimalware Scan Interface (AMSI) is turned on and enabled in Full Mode, deploying Microsoft Defender for Endpoint protection, and rotating SharePoint Server ASP.NET machine keys [1]. The company also advises customers to unplug their SharePoint servers from the internet until a patch is available, as a false sense of security could result in prolonged exposure and widespread compromise [1].
The development comes as federal cybersecurity authorities, including the US Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security, are working closely with Microsoft to address the issue. The FBI has confirmed it is aware of the attacks and is coordinating with federal and private sector partners [2].
References:
[1] https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html
[2] https://dallasexpress.com/business-markets/microsoft-warns-of-cyberattacks-exploiting-sharepoint-server-flaw/
[3] https://www.uctoday.com/unified-communications/microsoft-sharepoint-servers-under-attack-key-takeaways-to-stay-secure/
Divulgación editorial y transparencia de la IA: Ainvest News utiliza tecnología avanzada de Modelos de Lenguaje Largo (LLM) para sintetizar y analizar datos de mercado en tiempo real. Para garantizar los más altos estándares de integridad, cada artículo se somete a un riguroso proceso de verificación con participación humana.
Mientras la IA asiste en el procesamiento de datos y la redacción inicial, un miembro editorial profesional de Ainvest revisa, verifica y aprueba de forma independiente todo el contenido para garantizar su precisión y cumplimiento con los estándares editoriales de Ainvest Fintech Inc. Esta supervisión humana está diseñada para mitigar las alucinaciones de la IA y garantizar el contexto financiero.
Advertencia sobre inversiones: Este contenido se proporciona únicamente con fines informativos y no constituye asesoramiento profesional de inversión, legal o financiero. Los mercados conllevan riesgos inherentes. Se recomienda a los usuarios que realicen una investigación independiente o consulten a un asesor financiero certificado antes de tomar cualquier decisión. Ainvest Fintech Inc. se exime de toda responsabilidad por las acciones tomadas con base en esta información. ¿Encontró un error? Reportar un problema
Comentarios
Aún no hay comentarios