Microsoft said the company has been 'coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners around the world throughout our response.'
Microsoft said the company has been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has postedsaying it is aware of "active exploitation" of a new vulnerability to Microsoft SharePoint "enabling unauthorized access to on-premise SharePoint servers.
" The exploitation activity "provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network," the"The FBI is aware of the matter, and we are working closely with our federal government and private sector partners," the bureau said in a statement. According to a Microsoft customer guidance blog post issued Saturday, "Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." "These vulnerabilities apply to on-premises SharePoint Servers only," the post added and "SharePoint Online in Microsoft 365 is not impacted." A company spokesperson said the company has been "coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners around the world throughout our response." "While the scope and impact continue to be assessed," CISA Acting Executive Assistant Director for Cybersecurity Chris Butera said in a statement, "the new common vulnerabilities and exposure , CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers." CISA was "made aware of the exploitation by a trusted partner and we reached out to Microsoft immediately to take action," the statement said. "Microsoft is responding quickly, and we are working with the company to help notify potentially impacted entities about recommended mitigations." Eye Security, a cybersecurity firm, says it "identified active large-scale exploitation" of the new vulnerability "being used in the wild" on SharePoint servers across the world and discovered "dozens of systems actively compromised," according to
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Homeland Security defends ICE arrests at immigration court hearingsThe U.S. Department of Homeland Security is defending its policy of having Immigration and Customs Enforcement officers arrest people at their immigration court hearings after a group of immigrants and advocates filed a class-action lawsuit that seeks to stop the practice.
Read more »
Microsoft Confirms Ongoing Mass SharePoint Attack — No Patch AvailableMicrosoft has confirmed that SharePoint Server is under mass attack and no patch is yet available — here’s what you need to know and how to mitigate the threat.
Read more »
Global hack on Microsoft product hits U.S., state agencies, researchers sayUnknown attackers exploited a “significant vulnerability” in Microsoft’s SharePoint collaboration software, hitting targets around the world.
Read more »
Microsoft Issues Alert After Critical SharePoint Server AttacksMicrosoft warned of active zero-day attacks on SharePoint servers used by government and businesses, with FBI investigating.
Read more »
Microsoft alerts businesses and governments to attacks on SharePoint serversMicrosoft has issued an alert about “active attacks” on server software used by government agencies and businesses to share documents within organizations and recommended security updates that customers should apply immediately.
Read more »
Microsoft SharePoint servers are under attack because of a major security flawHackers have exploited vulnerabilities in Microsoft’s SharePoint software, exposing thousands of on-premises servers used by global businesses and agencies.
Read more »