Microsoft has confirmed that SharePoint Server is under mass attack and no patch is yet available — here’s what you need to know and how to mitigate the threat.
vulnerability, there is no patch, no magic update, to remedy this one. Which is bad news for Microsoft SharePoint Server users, as CVE-2025-53770 is currently under confirmed “mass attack” and on-premises servers across the world are being compromised.
Here’s what you need to know and do.going viral. The first of those can be mitigated by basic security hygiene, and the latter appears to be a false alarm. The same cannot be said for CVE-2025-53770, a newly uncovered and confirmed attack against users of SharePoint Server which is currently undergoing mass exploitation on a global level, according to thethat not only is it “aware of active attacks” but, worryingly, “a patch is currently not available for this vulnerability.” CVE-2025-53770, which is also being called ToolShell, is a critical vulnerability in on-premises SharePoint. The end result of which is the ability for attackers to gain access and control of said servers without authentication. If that sounds bad, it’s because it is. Very bad indeed. “The risk is not theoretical,” the researchers warned, “attackers can execute code remotely, bypassing identity protections such as MFA or SSO.” Once they have, they can then “access all SharePoint content, system files, and configurations and move laterally across the Windows Domain.”And then there’s the theft of cryptographic keys. That can enable an attacker to “impersonate users or services,” according to the report, “even after the server is patched.” So, even when a patch is eventually released, and I would expect an emergency update to arrive fairly quickly for this one, the problem isn’t solved. You will, it was explained, “need to rotate the secrets allowing all future tokens that can be created by the malicious actor to become invalid.” And, of course, as SharePoint will often connect to other core services, including the likes of Outlook and Teams, oh and not forgetting OneDrive, the threat, if exploited, can and will lead to “data theft, password harvesting, and lateral movement across the network,” the researchers warned. While the Microsoft Security Response Center has stated that it is “actively working to release a security update,” and will “provide additional details as they are available,” there is no patch at the time of writing. In the meantime, it advised that customers should apply the following mitigations:” Configure Antimalware Scan Interface integration in SharePoint and deploy Defender AV on all SharePoint servers. “If you cannot enable AMSI,” Microsoft said, “we recommend you consider disconnecting your server from the internet until a security update is available.”
Sharepoint Attack Sharepoint Hack Sharepoint Hack Attack Microsoft Confirms Sharepoint Attack CVE-2025-53770 Eye Research Sharepoint Server Hack Microsoft Sharepoint Warning
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Microsoft confirms largest layoffs since 2023Frank Sumrall is a content editor for MyNorthwest originally from the North Bay in California.
Read more »
Microsoft Confirms It’s Deleting Passwords In 29 Days — Act NowTime is running out — these Microsoft passwords will be deleted in August.
Read more »
Microsoft Confirms Windows 11 Update Causes Security Firewall ErrorAnother Windows update, another problem caused by an update — what you need to know as users report Windows Firewall error.
Read more »
‘We Apologize’—Microsoft Confirms Windows Update MistakeMicrosoft suddenly admits mistake as Windows issue gets worse.
Read more »
‘We Apologize’—Microsoft Confirms Windows Update MistakeMicrosoft suddenly admits mistake as Windows issue gets worse.
Read more »
‘We Apologize’—Microsoft Confirms Windows Update MistakeMicrosoft suddenly admits mistake as Windows issue gets worse.
Read more »