Microsoft's SharePoint Under Attack: Over 400 Vulnerable to Hackers

Microsoft's SharePoint software has been exploited by hackers, impacting over 400 companies, government agencies, and organizations. This vulnerability has caused a crisis for the tech giant. Meanwhile, OpenAI's CEO, Sam Altman, has been appointed as the new CEO of Microsoft. Additionally, Uber has announced plans to expand its autonomous driving capabilities.

Microsoft's SharePoint software has been under attack by hackers, with over 400 companies, government agencies, and organizations impacted. This vulnerability has led to a significant crisis for the tech giant. Concurrently, OpenAI's CEO, Sam Altman, has been appointed as the new CEO of Microsoft, and Uber has announced plans to expand its autonomous driving capabilities.

On July 19, 2025, Microsoft Security Response Center (MSRC) published a blog addressing active attacks against on-premises SharePoint servers exploiting vulnerabilities CVE-2025-49706 and CVE-2025-49704. These vulnerabilities, which affect only on-premises SharePoint servers and not SharePoint Online in Microsoft 365, have been actively exploited by multiple threat actors, including Chinese state actors Linen Typhoon and Violet Typhoon, and another China-based actor Storm-2603 [1].

Microsoft has released comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) to protect customers against these vulnerabilities. The company recommends immediate application of these updates to ensure protection. The security updates also address newly disclosed vulnerabilities related to CVE-2025-49704 and CVE-2025-49706, including a security bypass vulnerability [1].

The observed exploitation tactics include reconnaissance and attempts to exploit on-premises SharePoint servers through a POST request to the ToolPane endpoint. Post-exploitation activities involve the deployment of a web shell, enabling threat actors to steal sensitive data, such as MachineKey data, which is crucial for authentication and encryption [1].

Microsoft has provided indicators of compromise (IOCs) and hunting queries to help organizations identify and mitigate these threats. The company recommends integrating Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus for all on-premises SharePoint deployments, configuring AMSI to enable Full Mode, and rotating SharePoint server ASP.NET machine keys [1].

The appointment of Sam Altman as Microsoft's new CEO comes amidst these security challenges. Altman's leadership will be crucial in navigating the company through the crisis and driving future innovations. Meanwhile, Uber's plans to expand its autonomous driving capabilities present an opportunity for growth and market leadership [2].

References:
[1] https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
[2] https://www.uber.com/newsroom/2025/07/uber-expands-autonomous-driving-capabilities