Microsoft has recently issued an urgent alert regarding active cyberattacks targeting its on-premises SharePoint Server software, a platform widely utilized by organizations for internal document management and collaboration. These attacks exploit previously unknown vulnerabilities, commonly referred to as "zero-day" exploits, allowing unauthorized access to sensitive information and systems.
The identified vulnerabilities, designated as CVE-2025-53770 and CVE-2025-53771, enable attackers to execute code remotely and perform spoofing attacks over networks. These flaws are present in on-premises versions of SharePoint Server, including the 2016, 2019, and Subscription Editions. Notably, SharePoint Online, the cloud-based version within Microsoft 365, remains unaffected by these vulnerabilities. (pcgamer.com)
Source: The Wall Street Journal https://www.wsj.com/tech/cybersecurity/microsoft-alerts-firms-to-server-software-attack-99f9b036/?gaa_at=eafs&gaa_n=ASWzDAhbULAh__9aMFOMhBBDDpPJRs8ZH6w8obk1h9-DYW5LA7NBSv0Ajy-4&gaa_sig=PZtQip-Bqprf-cQoREem_Tx5v43uZ2bjD6Cb5Esq7c2Q9DyMrc_Df9aji4Xyyt9kZmbK0aelaVLzT-FY2vsv6Q%3D%3D&gaa_ts=687fe7e8
Nature of the Vulnerability
The identified vulnerabilities, designated as CVE-2025-53770 and CVE-2025-53771, enable attackers to execute code remotely and perform spoofing attacks over networks. These flaws are present in on-premises versions of SharePoint Server, including the 2016, 2019, and Subscription Editions. Notably, SharePoint Online, the cloud-based version within Microsoft 365, remains unaffected by these vulnerabilities. (pcgamer.com)Scope and Impact
Cybersecurity firms Eye Security and the Shadowserver Foundation have reported that approximately 100 organizations have been compromised through these exploits. The majority of affected entities are located in the United States and Germany, encompassing government agencies, industrial firms, financial institutions, and healthcare organizations. The attacks allow adversaries to gain persistent access to systems, potentially leading to data exfiltration and further network infiltration. (reuters.com)Microsoft's Response
In response to these active threats, Microsoft has released security updates aimed at mitigating the vulnerabilities in SharePoint Server 2019 and the Subscription Edition. Patches for SharePoint Server 2016 are currently under development. Organizations are strongly urged to apply these updates immediately to protect their systems. For those unable to implement the recommended protections promptly, Microsoft advises disconnecting vulnerable servers from the internet until patches can be applied. (apnews.com)Recommendations for Organizations
Given the severity of these attacks, organizations should take the following steps:- Apply Security Updates: Ensure that all available patches for SharePoint Server are applied without delay.
- Monitor Systems: Conduct thorough reviews of server logs and network activity to detect any signs of compromise.
- Isolate Affected Servers: If immediate patching is not feasible, disconnect vulnerable servers from external networks to prevent exploitation.
- Engage Cybersecurity Professionals: Seek assistance from cybersecurity experts to assess and remediate potential breaches.
Source: The Wall Street Journal https://www.wsj.com/tech/cybersecurity/microsoft-alerts-firms-to-server-software-attack-99f9b036/?gaa_at=eafs&gaa_n=ASWzDAhbULAh__9aMFOMhBBDDpPJRs8ZH6w8obk1h9-DYW5LA7NBSv0Ajy-4&gaa_sig=PZtQip-Bqprf-cQoREem_Tx5v43uZ2bjD6Cb5Esq7c2Q9DyMrc_Df9aji4Xyyt9kZmbK0aelaVLzT-FY2vsv6Q%3D%3D&gaa_ts=687fe7e8
