Microsoft SharePoint Emergency Patches Released to Combat Active Exploitation: Protecting Your Data and Infrastructure.
  • 222 views
  • 2 min read

Microsoft has released emergency security updates to address two actively exploited zero-day vulnerabilities in its SharePoint Server software. The vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, affect on-premises versions of Microsoft SharePoint Server and have been exploited in attacks dubbed "ToolShell".

CVE-2025-53770 is a critical remote code execution vulnerability, with a CVSS v3.1 base score of 9.8. It stems from the deserialization of untrusted data, allowing an unauthenticated attacker to execute arbitrary code on a vulnerable SharePoint server. CVE-2025-53771 is a medium-severity server spoofing vulnerability, with a CVSS v3.1 base score of 6.3, resulting from improper limitation of a pathname to a restricted directory. This can be chained with CVE-2025-53770 to facilitate lateral movement and persistence.

The ToolShell attack chain allows attackers to fully access SharePoint content, including file systems and configurations, and execute arbitrary code over the network. Eye Security identified large-scale exploitation activity starting on July 18, 2025, with attackers planting shells on compromised SharePoint servers to leak sensitive data and gain complete remote access. Victims include federal and state agencies, universities, and energy companies. It is estimated that over 54 organizations have been affected.

Microsoft has released emergency out-of-band security updates for Microsoft SharePoint Subscription Edition, SharePoint 2019, and SharePoint 2016 to address these vulnerabilities. The updates include more robust protections than those released in the July 2025 Patch Tuesday updates for CVE-2025-49704 and CVE-2025-49706, which are related vulnerabilities.

Specifically, the following updates are available:

  • KB5002754 for Microsoft SharePoint Server 2019 Core and KB5002753 for the Microsoft SharePoint Server 2019 Language Pack.
  • KB5002760 for Microsoft SharePoint Enterprise Server 2016 and KB5002759 for the Microsoft SharePoint Enterprise Server 2016 Language Pack.
  • KB5002768 for Microsoft SharePoint Subscription Edition.

Microsoft urges SharePoint administrators to install these security updates immediately. In addition to patching, administrators are advised to rotate the SharePoint machine keys. This can be done manually via PowerShell.

Due to the mass exploitation of this flaw, organizations should assume their SharePoint systems have been compromised if they were exposed to the Internet before the patch was applied. It is recommended to rotate cryptographic keys and initiate investigations to look for indicators of compromise.

CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal civilian agencies to apply mitigations immediately. CISA also strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation.


Writer - Nisha Gupta
Nisha Gupta is a driven journalist, eager to make her mark in the media landscape, fueled by a passion for sports. With a strong academic background in communication and a sharp analytical mind, she excels at research. Nisha is particularly drawn to stories about technological advancements and their societal impact, aiming to deliver insightful, well-rounded reports that inform and engage her audience. Her love for sports also inspires her pursuit of objective analysis and compelling narratives.
Advertisement

Latest Post


Business  |  Jul 23, 2025
Paytm Shares in Focus After First-Ever Quarterly Profit Paytm, the fintech platform operated by One 97 Communications, has reported a net profit of ₹123 crore for the quarter ended June 2025 (Q1FY26). This marks a significant turnaround from a loss ...

Sports  |  Jul 23, 2025
The third Test between England and India at Lord's witnessed a heated exchange between India's captain, Shubman Gill, and England's opener, Zak Crawley, regarding time-wasting tactics employed by the latter. The incident occurred during the final ove...

Sports  |  Jul 23, 2025
Sarina Wiegman has lauded Michelle Agyemang as "something special" after the 19-year-old's stellar performances at Euro 2025, where she has twice rescued England from the brink of elimination. Agyemang's contributions have been crucial in securing th...

Sports  |  Jul 23, 2025
Chloe Kelly has once again etched her name into England's footballing folklore, delivering a late winner to secure the Lionesses' place in the Euro 2025 final. This victory extends an unbelievable trend for the England women's national team, showcasi...

Advertisement
Sports  |  Jul 23, 2025
The Lionesses have reached the Euro 2025 final after a hard-fought semi-final match against Italy, securing a 2-1 victory in extra time. However, their performance was far from convincing, and their progression to the final can be attributed, in part...

World  |  Jul 23, 2025
The Bombay High Court's recent acquittal of Mohammed Ali Shaikh from conspiracy charges in the 7/11 train bombings case has brought renewed scrutiny to the investigation and the pressures some individuals face during high-profile investigations. Shai...

Sports  |  Jul 23, 2025
England fans endured another nerve-wracking night as the Lionesses edged closer to the Women's Euro 2025 final. The semi-final match against Italy was far from a comfortable victory, filled with drama and requiring extra time to secure a 2-1 win. Th...

World  |  Jul 22, 2025
The world's most expensive Earth-imaging satellite, the NASA-ISRO Synthetic Aperture Radar (NISAR), is scheduled to launch on July 30, 2025, at 17:40 IST from the Satish Dhawan Space Centre in Sriharikota. This joint mission between the Indian Space ...

Advertisement
About   •   Terms   •   Privacy
© 2025 DailyDigest360