Thousands of Firms Targeted by Microsoft SharePoint Server Vulnerabilities

Malicious actors are exploiting a remote code execution (RCE) vulnerability in Microsoft’s SharePoint software. The flaw allows unauthorized access to on-premises servers used by numerous organizations. Microsoft has acknowledged the issue and has begun rolling out security patches to mitigate ongoing attacks, with additional updates expected soon.

Details of the Vulnerability

The vulnerability affecting on-premises SharePoint servers was first reported on July 18 by researchers from the European cybersecurity firm Eye Security. They identified a zero-day vulnerability, now designated CVE-2025-53770, which enables attackers to infiltrate servers without relying on traditional methods like brute-force attacks or phishing. The exploit is particularly concerning because it allows threat actors to execute code on the network, gaining access to sensitive SharePoint content, including internal configurations and file systems.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings regarding the potential for these attackers to use stolen credentials to impersonate legitimate users. This capability allows them to modify server components and install additional malicious code, ensuring persistent access even after security patches are applied or systems are rebooted. The situation is exacerbated by the fact that this zero-day vulnerability is a weaponized version of an exploit demonstrated at the Pwn2Own Berlin security contest earlier this year.

Active Exploitation and Response

Palo Alto Networks’ Unit 42 has reported observing “active global exploitation” of SharePoint vulnerabilities, indicating that organizations worldwide are being targeted. They have shared further details about these attacks through their GitHub threat intelligence repository. In response to the escalating threat, the Microsoft Security Response Center (MSRC) confirmed that the vulnerability is being actively exploited and has released a security patch aimed at protecting SharePoint Subscription Edition and SharePoint 2019 servers.

Despite these efforts, Microsoft has not yet provided a security update for SharePoint 2016 servers, leaving users of that version vulnerable. The company has advised all customers to apply the July 2025 security updates promptly. It also recommends setting up the Antimalware Scan Interface (AMSI) in SharePoint and deploying Microsoft Defender or similar security solutions to enhance protection against potential attacks.

Mitigation Strategies and Recommendations

To combat the ongoing threat, Microsoft has outlined several mitigation strategies for organizations using SharePoint. These include applying the latest security updates, which are crucial for protecting against the identified vulnerabilities. The company emphasizes the importance of implementing the Antimalware Scan Interface (AMSI) within SharePoint to help detect and prevent malicious activities.

Organizations are also encouraged to utilize Microsoft Defender or comparable security solutions to bolster their defenses. By taking these proactive measures, companies can significantly reduce their risk of falling victim to these sophisticated attacks. As the situation evolves, Microsoft continues to monitor the threat landscape and is committed to providing timely updates and patches to safeguard its users.

 

