
Microsoft SharePoint vulnerability: Why MS has released a 'zero-day' urgent update and who is at risk
What is the SharePoint zero-day vulnerability?
The vulnerability, found in Microsoft SharePoint, is a type of zero-day flaw. Zero-day vulnerabilities refer to unknown security issues that attackers can exploit before developers have time to release a fix.
Microsoft SharePoint is widely used by organisations for internal file sharing, team collaboration, and document management.
In an alert issued on Saturday, July 19, Microsoft confirmed that the vulnerability was already being exploited. A day later, on Sunday, July 20, the company issued guidance for applying security patches to SharePoint Server 2019 and SharePoint Server Subscription Edition. Microsoft said it was still working on a patch for SharePoint Server 2016.
Microsoft SharePoint: Older servers still at risk
Microsoft's fix currently covers only the newer versions of the software. Users of SharePoint Server 2016 will remain exposed until a patch is developed. Experts warn that any organisation running on-premise SharePoint servers should treat the situation as urgent.
Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told the Associated Press, "Anybody who's got a hosted SharePoint server has got a problem." He added, "It's a significant vulnerability."
When did the attacks begin?
According to cybersecurity company Eye Security, attackers may have started exploiting the vulnerability as early as July 18. The company said it scanned over 8,000 SharePoint servers globally and found that at least dozens had been compromised.
Security researchers identified the exploit as 'ToolShell,' which reportedly allows attackers full access to SharePoint file systems. Services integrated with SharePoint, such as Microsoft Teams and OneDrive, are also at risk. Google's Threat Intelligence Group warned that the flaw could even enable attackers to "bypass future patching."
Government warning and recommended action
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has described the exploit as "a variant of the existing vulnerability CVE-2025-49706" and said it threatens organisations using on-premise SharePoint servers. The agency urged affected entities to take their servers offline until they are patched, warning that the impact of the breach could be widespread.