Microsoft Issues Emergency Fix for SharePoint Vulnerability
ByAinvest
Tuesday, Jul 22, 2025 1:02 am ET1min read
MSFT--
The vulnerabilities were initially patched as part of the July Patch Tuesday updates, but threat actors discovered new flaws that bypassed the previous patches. These new flaws have been used to conduct ToolShell attacks on SharePoint servers, impacting over 54 organizations so far [1].
Microsoft has released emergency out-of-band security updates for Microsoft SharePoint Subscription Edition, SharePoint 2019, and SharePoint 2016 to address these vulnerabilities. The updates include more robust protections than the previous patches [1].
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerabilities to its Known Exploited Vulnerabilities catalog, with a "due date" of Monday, July 21, 2025. This means that all federal agencies are legally required to immediately fix the issue [2].
The compromise of SharePoint's internal cryptographic keys is particularly concerning, as it allows attackers to maintain access to victims' systems even after the affected servers are patched. Microsoft has advised organizations to rotate their SharePoint machine keys and investigate any signs of compromise [2].
Researchers at Palo Alto Networks have warned that the hack likely reached thousands of organizations globally, and the exploits are real, in-the-wild, and pose a serious threat [3].
Microsoft has urged users to apply the fix immediately to prevent further attacks, but the company has not yet disclosed how many organizations have been affected [3].
References:
[1] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/
[2] https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
[3] https://www.cnbc.com/2025/07/21/microsoft-sharepoint-attack-vulnerability.html
PANW--
Microsoft is releasing an emergency fix to address a vulnerability in SharePoint software that has been exploited by hackers to attack businesses and some federal agencies. The vulnerability allows hackers to gain access to sensitive information and disrupt operations. Microsoft is urging users to apply the fix immediately to prevent further attacks. The company has not yet disclosed how many organizations have been affected.
Microsoft has released emergency security updates to address two zero-day vulnerabilities in its SharePoint software, which have been exploited in global attacks. The vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, were discovered to have been exploited in "ToolShell" attacks, compromising services worldwide [1].The vulnerabilities were initially patched as part of the July Patch Tuesday updates, but threat actors discovered new flaws that bypassed the previous patches. These new flaws have been used to conduct ToolShell attacks on SharePoint servers, impacting over 54 organizations so far [1].
Microsoft has released emergency out-of-band security updates for Microsoft SharePoint Subscription Edition, SharePoint 2019, and SharePoint 2016 to address these vulnerabilities. The updates include more robust protections than the previous patches [1].
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerabilities to its Known Exploited Vulnerabilities catalog, with a "due date" of Monday, July 21, 2025. This means that all federal agencies are legally required to immediately fix the issue [2].
The compromise of SharePoint's internal cryptographic keys is particularly concerning, as it allows attackers to maintain access to victims' systems even after the affected servers are patched. Microsoft has advised organizations to rotate their SharePoint machine keys and investigate any signs of compromise [2].
Researchers at Palo Alto Networks have warned that the hack likely reached thousands of organizations globally, and the exploits are real, in-the-wild, and pose a serious threat [3].
Microsoft has urged users to apply the fix immediately to prevent further attacks, but the company has not yet disclosed how many organizations have been affected [3].
References:
[1] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/
[2] https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally
[3] https://www.cnbc.com/2025/07/21/microsoft-sharepoint-attack-vulnerability.html
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PROEditorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process.
While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context.
Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue
Comments
No comments yet