Particle.news
Download on the App Store
59 ARTICLES
·
11h ago

Microsoft Issues Emergency Fix for Active SharePoint Zero-Day Exploit

CISA’s federal compliance deadline of July 21 highlights the urgency of applying emergency SharePoint patches

A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, January 9, 2025. REUTERS/Gonzalo Fuentes/File Photo
Microsoft signage is seen at the company's headquarters in Redmond, Washington, U.S., January 18, 2023. REUTERS/Matt Mills McKnight/File Photo
Image
Image

Overview

  • Microsoft released emergency security updates for SharePoint Subscription Edition and SharePoint 2019 on July 20, urging administrators to install them immediately or disconnect vulnerable servers from the internet
  • SharePoint 2016 remains exposed as Microsoft continues work on a dedicated patch for that older version
  • CISA added CVE-2025-53770 and CVE-2025-53771 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to complete patching by July 21
  • The FBI is coordinating with CISA, Microsoft and private-sector partners on incident response and global threat mitigation
  • Attackers exploiting the zero-day flaw have bypassed MFA and SSO controls to exfiltrate data, deploy persistent backdoors and steal cryptographic keys on tens of thousands of on-premises servers