Critical Alert: Microsoft SharePoint Zero-Day Exploit Under Active Attack, Urgent Patches Issued


Microsoft has issued an emergency fix to address a critical zero-day vulnerability (CVE-2025-49706) that is being actively exploited in its widely used SharePoint server software. The flaw has enabled hackers to conduct widespread attacks on various businesses and some U.S. government agencies.

The company confirmed it became aware of the exploit on Saturday, swiftly releasing initial guidance and patches on Sunday for SharePoint Server 2019 and SharePoint Server Subscription Edition. However, engineers are still working to develop a fix for the older SharePoint Server 2016 software, leaving some organizations at continued risk.

Cybersecurity experts, including CrowdStrike and Palo Alto Networks, underscore the severity of the vulnerability, known as “ToolShell.” It allows attackers to gain full access to SharePoint file systems and connected services like Teams and OneDrive. Google’s Threat Intelligence Group also warned that this exploit might allow malicious actors to bypass future patching efforts.

Attacks are believed to have commenced around July 18, with Eye Security reporting that scans of over 8,000 SharePoint servers worldwide revealed dozens of compromised systems. The vulnerability affects only on-premises SharePoint servers run by organizations and does not impact Microsoft’s cloud-based SharePoint Online service.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning, recommending that organizations running on-premises SharePoint immediately apply all available patches, rotate cryptographic material, and consider disconnecting affected servers from the internet until fixes are fully implemented. Enterprises, particularly in government, education, healthcare, and large corporations, are at immediate risk and are urged to take swift action.
