Particle.news

Microsoft Releases Emergency SharePoint Patches After Chinese-Linked Zero-Day Exploits

Customers are urged to stay vigilant after patches address a critical authentication bypass exploited by state-affiliated hackers

Overview

  • Microsoft publicly attributed coordinated intrusions beginning July 7 to three Chinese-affiliated networks—Linen Typhoon, Violent Typhoon and Storm-2603
  • Attackers leveraged a zero-day ToolShell vulnerability in on-premises SharePoint servers to bypass authentication and access systems as legitimate users
  • Emergency updates apply only to on-premises SharePoint deployments while cloud-based instances remain unaffected by the campaign
  • China’s government rejected the allegations as unfounded even as Google confirmed increased interest in the vulnerability from Chinese-linked groups
  • Microsoft pledged to roll out continuous security updates to strengthen defenses against anticipated future intrusions