Microsoft Issues Urgent Fix for SharePoint Flaw Exploited by Hackers

Tuesday, Jul 22, 2025 12:20 am ET

Hackers are exploiting a serious flaw in SharePoint to attack companies and government servers. Microsoft has released an urgent fix and asked users to update their systems quickly. The vulnerability affects on-premises SharePoint servers and not the cloud-based SharePoint Online service. Cybersecurity experts have identified the exploit, dubbed "ToolShell", which can give attackers full access to SharePoint file systems. Affected systems include Microsoft Teams and OneDrive.

A severe security flaw in Microsoft SharePoint servers has been actively exploited by hackers, prompting an urgent call to action from cybersecurity experts and Microsoft itself. The vulnerability, identified as CVE-2025-53770, allows attackers to remotely execute code on affected SharePoint servers without needing valid user credentials. This exploit, dubbed "ToolShell," has been confirmed to be in use by malicious actors, posing a significant risk to both corporate and governmental entities.

Eye Security, a leading cybersecurity firm, was the first to discover the vulnerability and alerted affected organizations. The company's research team identified the flaw and promptly notified stakeholders, enabling them to take immediate action to secure their systems. Microsoft has since confirmed the existence of the vulnerability and released emergency updates to address it. The company has advised users to apply these updates as soon as possible to mitigate the risk of further exploitation.

The vulnerability affects on-premises SharePoint servers and not the cloud-based SharePoint Online service. This means that organizations running SharePoint servers locally are particularly at risk. The flaw is classified as a critical zero-day vulnerability, meaning that it was actively exploited before a patch was available. The exploit can be used to gain full access to SharePoint file systems, including Microsoft Teams and OneDrive, potentially leading to data breaches, ransomware attacks, and other malicious activities.

To protect against this vulnerability, Microsoft has issued specific guidance. Organizations are advised to configure Anti-Malware Scan Interface (AMSI) integration within their SharePoint environments and deploy Microsoft Defender Antivirus on all SharePoint servers. If AMSI cannot be enabled, affected public-facing SharePoint products should be disconnected from the internet until official mitigations are available. Federal agencies are required to follow the Binding Operational Directive BOD 22-01 guidance for cloud services, while other organizations may need to discontinue the use of affected products until comprehensive security updates are released.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued an urgent warning about the vulnerability, highlighting its severity. CISA has set a tight remediation deadline of July 21, 2025, reflecting the active exploitation of this vulnerability and the need for swift action.

Organizations are encouraged to review all relevant security updates and guidance published by Microsoft and CISA. They should also monitor for specific exploit patterns and anomalous behavior, update intrusion prevention systems, and implement comprehensive logging to identify and respond to exploitation activity. Minimizing layout and admin privileges is also recommended to further reduce the risk of unauthorized access.

In conclusion, the discovery of the CVE-2025-53770 vulnerability highlights the importance of maintaining robust cybersecurity measures and promptly applying security updates. Organizations should take immediate action to secure their SharePoint servers and protect against potential data breaches and other malicious activities.

