Particle.news
Download on the App Store
52 ARTICLES
·
last wk.

Microsoft Issues Emergency Patches for Critical SharePoint Zero-Day Vulnerability

Federal agencies recommend immediate key rotations to block persistent SharePoint exploits

A view shows a Microsoft logo at Microsoft offices in Issy-les-Moulineaux near Paris, France, January 9, 2025. REUTERS/Gonzalo Fuentes/File Photo
Microsoft signage is seen at the company's headquarters in Redmond, Washington, U.S., January 18, 2023. REUTERS/Matt Mills McKnight/File Photo
Image
Image

Overview

  • Microsoft released emergency security updates for SharePoint Subscription Edition and SharePoint 2019 while patches for the 2016 version remain under development
  • The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-53770 to its Known Exploited Vulnerabilities catalog, mandating federal civilian agencies to apply fixes by July 21, 2025
  • An estimated tens of thousands of on-premises SharePoint servers worldwide remain at risk from a zero-day flaw that enables remote code execution, lateral domain movement and cryptographic key theft
  • The FBI and CISA are actively monitoring the attacks and coordinating with Microsoft’s Security Response Center and private-sector partners to investigate and contain breaches
  • Organizations are urged to apply the new updates immediately, enable AMSI malware protections, rotate ASP.NET machine keys or disconnect vulnerable servers until fully secured