{"id":27282,"date":"2025-07-21T23:49:09","date_gmt":"2025-07-21T23:49:09","guid":{"rendered":"https:\/\/www.newsbeep.com\/us\/27282\/"},"modified":"2025-07-21T23:49:09","modified_gmt":"2025-07-21T23:49:09","slug":"hackers-exploit-recently-discovered-vulnerability-on-microsoft-sharepoint-servers","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/us\/27282\/","title":{"rendered":"Hackers exploit recently discovered vulnerability on Microsoft SharePoint servers"},"content":{"rendered":"<p>NEW YORK (AP) \u2014 Microsoft has issued an <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener nofollow\">emergency fix<\/a> to close off a vulnerability in Microsoft\u2019s widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies.<\/p>\n<p>The company <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-53770\" target=\"_blank\" rel=\"noopener nofollow\">issued an alert<\/a> to customers Saturday saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.<\/p>\n<p>\u201cAnybody who\u2019s got a hosted SharePoint server has got a problem,\u201d said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. \u201cIt\u2019s a significant vulnerability.\u201d<\/p>\n<p>Companies and government agencies around the world use SharePoint for internal document management, data organization and collaboration.<\/p>\n<p>What is a zero-day exploit?<\/p>\n<p>A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. \u201cZero-day\u201d refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.<\/p>\n<p>According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770\" target=\"_blank\" rel=\"noopener nofollow\">exploit affecting SharePoint<\/a> is \u201ca variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.\u201d<\/p>\n<p>Security researchers warn that the exploit, reportedly known as \u201cToolShell,\u201d is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.<\/p>\n<p>Google\u2019s <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/www.linkedin.com\/posts\/austin-larsen_sharepoint-cybersecurity-threatintel-activity-7352536349356273665-xPaK\/\" target=\"_blank\" rel=\"noopener nofollow\">Threat Intelligence Group warned<\/a> that the vulnerability may allow bad actors to \u201cbypass future patching.\u201d<\/p>\n<p>How widespread is the impact?<\/p>\n<p>Eye Security said in its <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/research.eye.security\/sharepoint-under-siege\/\" target=\"_blank\" rel=\"noopener nofollow\">blog post<\/a> that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18.<\/p>\n<p>Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations, and does not affect Microsoft\u2019s cloud-based SharePoint Online service. <\/p>\n<p>But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors. <\/p>\n<p>\u201cWhile cloud environments remain unaffected, on-prem SharePoint deployments \u2014 particularly within government, schools, health care including hospitals, and large enterprise companies \u2014 are at immediate risk.\u201d<\/p>\n<p>What do you do now?<\/p>\n<p>The vulnerability targets SharePoint server software so customers of that product will want to immediately follow <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/msrc.microsoft.com\/blog\/2025\/07\/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770\/\" target=\"_blank\" rel=\"noopener nofollow\">Microsoft\u2019s guidance<\/a> to patch their on-site systems. <\/p>\n<p>Although the scope of the attack is still being assessed, CISA warned that the <a class=\"Link AnClick-LinkEnhancement\" data-gtm-enhancement-style=\"LinkEnhancementA\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/07\/20\/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770\" target=\"_blank\" rel=\"noopener nofollow\">impact could be widespread<\/a> and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.<\/p>\n<p>\u201cWe are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available,\u201d Sikorski advises.<\/p>\n","protected":false},"excerpt":{"rendered":"NEW YORK (AP) \u2014 Microsoft has issued an emergency fix to close off a vulnerability in Microsoft\u2019s widely-used&hellip;\n","protected":false},"author":2,"featured_media":27283,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[23625,4613,28,793,4002,851,5405,1536,23626,7271,74,795,2003,2002,965],"class_list":{"0":"post-27282","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-adam-meyers","9":"tag-alphabet","10":"tag-business","11":"tag-general-news","12":"tag-hacking","13":"tag-inc","14":"tag-information-security","15":"tag-microsoft-corp","16":"tag-palo-alto-networks","17":"tag-software","18":"tag-technology","19":"tag-u-s-news","20":"tag-wa-state-wire","21":"tag-washington","22":"tag-world-news"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/27282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/comments?post=27282"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/posts\/27282\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media\/27283"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/media?parent=27282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/categories?post=27282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/us\/wp-json\/wp\/v2\/tags?post=27282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}