Particle.news

Microsoft Deploys Emergency Updates for Exploited SharePoint Zero-Day

Federal agencies are coordinating with Microsoft to counter persistent SharePoint intrusions.

Overview

  • The zero-day flaw CVE-2025-53770, publicly dubbed “ToolShell,” was identified on July 18 and allows unauthenticated attackers to execute code and perform spoofing on on-premises SharePoint servers.
  • Microsoft has released emergency patches for SharePoint Subscription Edition and SharePoint 2019 and is finalizing fixes for SharePoint 2016 and earlier versions.
  • Customers unable to apply the immediate updates or enable recommended malware protection are urged to disconnect their on-premises SharePoint servers from the internet until patches are available.
  • The FBI and CISA are collaborating with Microsoft and private cybersecurity firms to share threat intelligence, assess the breach’s scope and guide incident response efforts.
  • Security researchers report that attackers are bypassing MFA and SSO controls to deploy persistent backdoors and steal cryptographic keys, indicating that existing compromises may survive patching.