Microsoft Issues Urgent Fix for SharePoint Flaw Exploited by Hackers
By Ainvest
Tuesday, Jul 22, 2025 12:20 am ET
Hackers are exploiting a serious flaw in SharePoint to attack companies and government servers. Microsoft has released an urgent fix and asked users to update their systems quickly. The vulnerability affects on-premises SharePoint servers and not the cloud-based SharePoint Online service. Cybersecurity experts have identified the exploit, dubbed "ToolShell", which can allow attackers full access to SharePoint file systems. Affected systems include Microsoft Teams and OneDrive.
A severe security flaw in Microsoft SharePoint servers has been actively exploited by hackers, prompting an urgent call to action from cybersecurity experts and Microsoft itself. The vulnerability, identified as CVE-2025-53770, allows attackers to remotely execute code on affected SharePoint servers without needing valid user credentials. This exploit, dubbed "ToolShell," has been confirmed to be in use by malicious actors, posing a significant risk to both corporate and governmental entities.
Eye Security, a leading cybersecurity firm, was the first to discover the vulnerability and alerted affected organizations. The company's research team identified the flaw and promptly notified stakeholders, enabling them to take immediate action to secure their systems. Microsoft has since confirmed the existence of the vulnerability and released emergency updates to address it. The company has advised users to apply these updates as soon as possible to mitigate the risk of further exploitation.
The vulnerability affects on-premises SharePoint servers and not the cloud-based SharePoint Online service. This means that organizations running SharePoint servers locally are particularly at risk. The flaw is classified as a critical zero-day vulnerability, indicating that it has been actively exploited before a patch was available. The exploit can be used to gain full access to SharePoint file systems, including Microsoft Teams and OneDrive, potentially leading to data breaches, ransomware attacks, and other malicious activities.
To protect against this vulnerability, Microsoft has issued specific guidance. Organizations are advised to configure Anti-Malware Scan Interface (AMSI) integration within their SharePoint environments and deploy Microsoft Defender Antivirus on all SharePoint servers. If AMSI cannot be enabled, affected public-facing SharePoint products should be disconnected from the internet until official mitigations are available. Federal agencies are required to follow the Binding Operational Directive BOD 22-01 guidance for cloud services, while other organizations may need to discontinue the use of affected products until comprehensive security updates are released.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an urgent warning about the vulnerability, highlighting its severity and the need for immediate action. CISA has set a tight remediation deadline of July 21, 2025, indicating the active exploitation of this vulnerability and the need for swift action.
Organizations are encouraged to review all relevant security updates and guidance published by Microsoft and CISA. They should also monitor for specific exploit patterns and anomalous behavior, update intrusion prevention systems, and implement comprehensive logging to identify and respond to exploitation activity. Minimizing layout and admin privileges is also recommended to further reduce the risk of unauthorized access.
In conclusion, the discovery of the CVE-2025-53770 vulnerability highlights the importance of maintaining robust cybersecurity measures and promptly applying security updates. Organizations should take immediate action to secure their SharePoint servers and protect against potential data breaches and other malicious activities.
