T4K3.news

Microsoft Issues Urgent Patch for SharePoint Vulnerability

Microsoft confirms ongoing cyber attacks exploiting SharePoint flaws, urging immediate action from users.

July 21, 2025 at 03:30 AM

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft warns users about active exploits of SharePoint vulnerabilities affecting on-premises systems.

Microsoft Issues Critical Update for SharePoint Amid Ongoing Cyber Attacks

Microsoft has released urgent security patches for vulnerabilities in SharePoint, which are being actively exploited. Specifically, these flaws target on-premises users, with at least 54 organizations, including banks and universities, already compromised. The vulnerability, classified as CVE-2025-53770, enables remote code execution due to the deserialization of untrusted data. Another flaw, CVE-2025-53771, involves a spoofing issue. Microsoft has stated that the patches will provide more robust protections than previous updates. The U.S. Cybersecurity and Infrastructure Security Agency has added the primary vulnerability to its list of known exploited vulnerabilities, requiring federal agencies to apply fixes by July 21, 2025. Experts warn that organizations must take immediate action, including patching and rotating cryptographic keys, to protect their systems.

Key Takeaways

✔️

Microsoft patched severe vulnerabilities in SharePoint for on-premises users

✔️

At least 54 organizations have been attacked, including banks and universities

✔️

CVE-2025-53770 scores 9.8 for severity, indicating critical risk

✔️

CISA has mandated federal agencies apply fixes by July 21, 2025

✔️

Experts emphasize that patching alone may not fully mitigate the threat

✔️

Organizations must rotate cryptographic keys and enhance security measures immediately.

"Attackers are bypassing identity controls, including MFA and SSO, to gain privileged access."

Michael Sikorski explains how attackers are exploiting SharePoint vulnerabilities to penetrate systems.

"A false sense of security could result in prolonged exposure and widespread compromise."

Michael Sikorski warns about the dangers of complacency among organizations post-exploit.

The urgency of this situation reflects broader trends in cybersecurity, where vulnerabilities in widely used software can expose critical infrastructures to severe risks. Companies relying on on-premises systems, like SharePoint, often face significant challenges in maintaining security. The interconnectedness of various Microsoft services heightens these risks, making it vital for organizations to prioritize timely updates and security measures. This incident underscores the need for a robust defense strategy against increasingly sophisticated cyber threats.

Highlights

Patching alone is insufficient to fully evict the threat.
If SharePoint is exposed to the internet, assume compromise has occurred.
An immediate fix is disconnecting SharePoint from the internet.
This incident highlights the critical need for timely security updates.

Urgent cybersecurity risk for Microsoft SharePoint

Active exploitation of vulnerabilities in SharePoint poses significant risks for on-premises users, requiring immediate patching and security measures to prevent data breaches.

As cyber threats evolve, organizations must stay vigilant and proactive in their security strategies.

🏷️

microsoft sharepoint cybersecurity vulnerabilities patching technology cybersecurity

Enjoyed this? Let your friends know!