Particle.news

Download on the App Store

Microsoft Issues Partial Patch After Global SharePoint Zero-Day Exploits

U.S., Canadian and Australian authorities have launched investigations after identifying data exfiltration across dozens of compromised organizations

Image
Image
Image
Image

Overview

  • Microsoft’s July 20 update secures one SharePoint on-premises release but leaves two other server versions vulnerable pending additional patches.
  • The FBI reports that dozens of federal, state and corporate networks have suffered data breaches in this campaign.
  • Attackers exploited the ToolShell zero-day flaw to execute remote code on on-premises SharePoint servers while cloud-hosted Microsoft 365 services remained unaffected.
  • CISA and its Canadian and Australian counterparts have published mitigation recommendations urging immediate patching, credential rotation and traffic monitoring.
  • The ToolShell vulnerability (CVE-2025-53770/53771), first revealed at May’s Pwn2Own contest, underscores gaps in enterprise patch management.