Kaspersky reveals SharePoint ToolShell vulnerabilities stem from incomplete 2020 fix
The SharePoint vulnerabilities have emerged as a major cybersecurity threat this year amid active exploitation. Kaspersky Security Network showed exploitation attempts worldwide, including in Egypt, Jordan, Russia, Vietnam and Zambia. The attacks target organizations across government, finance, manufacturing, forestry and agriculture sectors. Kaspersky solutions proactively detected and blocked ToolShell attacks before the vulnerabilities were publicly disclosed.
Kaspersky GReAT researchers analyzed the published ToolShell exploit and found it alarmingly similar to the 2020 CVE-2020-1147 exploit. This suggests that the CVE-2025-53770 patch is, in fact, an effective fix for the vulnerability that CVE-2020-1147 attempted to address five years ago.
The connection to CVE-2020-1147 became evident following the discovery of CVE-2025-49704 and CVE-2025-49706, patched on July 8. However, these fixes could be bypassed by adding a single forward slash to the exploit payload. Once Microsoft learned of active exploitation of these vulnerabilities, they responded with comprehensive patches that addressed potential bypass methods, designating the vulnerabilities as CVE-2025-53770 and CVE-2025-53771. The surge in attacks against SharePoint servers worldwide occurred during the window between initial exploitation and full patch deployment.
Despite patches now being available for the ToolShell vulnerabilities, Kaspersky expects attackers will continue exploiting this chain for years to come.
"Many high-profile vulnerabilities remain actively exploited years after discovery — ProxyLogon, PrintNightmare and EternalBlue still compromise unpatched systems today. We expect ToolShell to follow the same pattern: its ease of exploitation means the public exploit will soon appear in popular penetration testing tools, ensuring prolonged use by attackers," said Boris Larin, principal security researcher at Kaspersky GReAT.
To stay safe, Kaspersky recommends:
Organizations using Microsoft SharePoint must apply the latest security patches immediately. This applies to all high-risk vulnerabilities, as even brief exposure can lead to compromise.
Deploy cybersecurity solutions that protect against zero-day exploits when patches aren't yet available. Kaspersky Next, with its Behavior Detection component, proactively blocks exploitation of such vulnerabilities.
Read the full report on Securelist.com
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tahawul Tech
18 minutes ago
- Tahawul Tech
Spain's wiretap contract with Huawei raises concerns
The decision by the Spanish government to award Huawei a €12 million wiretap contract has drawn criticism from the European Commission (EC). This action is seen as going against its long-term stance of not allowing so-called high-risk vendors to install new telecoms equipment in the bloc. The Financial Times (FT) reported the EC has cautioned Spain against relying on Huawei, stating the company 'represents materially higher risks' than other telecoms suppliers. Its comments come after it emerged last week Spain had signed a contract with Huawei for the vendor to provide hardware to store wiretaps, used for law enforcement and by Spain's intelligence services. Apparently news of the contract led to two senior US lawmakers asking the US government to review its intelligence sharing with Spain. The EC has told operators across the European Union to place restrictions on high-risk suppliers such as Huawei and ZTE, including a stop on the installation of new equipment. Two years ago, then European Commissioner Thierry Breton bemoaned slow progress in placing restrictions on vendors deemed high risk, while stating those that excluded the two Chinese vendors from 5G build outs were justified in doing so and in-line with its recommendations. It also released a 5G toolbox of policy recommendations, tailored to the bloc's cyber security. However, FT reported Spain is one of the EU's most China-friendly nations, while Prime Minister Pedro Sanchez has a testy relationship with US President Donald Trump. Huawei, which has always maintained its equipment is not used for spying, stated its products in Spain 'strictly comply with local laws and regulations, as with applicable product admission criteria and standards'. Source: Mobile World Live Image Credit: Stock Image
Zawya
an hour ago
- Zawya
Equiti brings smart lighting to the heart of Amman with new community initiative
AMMAN, Jordan/PRNewswire/ -- Equiti Group Limited (Jordan), a leading multi-asset broker and fintech provider, has partnered with the Greater Amman Municipality to launch a smart lighting project at Shmeisani Circle – one of the city's busiest commuter zones near the vibrant Abdali district. This community-first initiative is part of Equiti's broader belief that creating meaningful impact begins at the local level. As part of its ongoing commitment, Equiti has sponsored the installation of cutting-edge, energy-efficient LED lighting curbs at the high-traffic intersection of Queen Noor Street and Prince Shaker bin Zaid Street. The lighting, visible from over 300 metres, is designed to improve road safety, modernise urban infrastructure, and support Amman's sustainability goals for a smarter, greener capital. "This initiative reflects Equiti's commitment to active community engagement," said Lutfi Shahin, CEO of Equiti Jordan. "Through this collaboration with the Greater Amman Municipality Committee, we're proud to contribute to road safety and help enhance the beauty of the capital we love." The Greater Amman Municipality Committee has welcomed the initiative as a model for public-private collaboration, demonstrating how international companies can contribute to civic development through energy-efficient innovation and smart technology. The project was delivered in partnership with Majdi Murad, co-founder of Jordanian firm Paktechnologies Co., a pioneer in smart safety solutions. Murad's firm developed the "Light Curbstone Block" – a technology that combines aesthetics and function to elevate urban safety. "At Paktechnologies, we're proud to work with partners like Equiti who share our vision for building better cities," commented Murad. "Our invention, the Light Curbstone Block, is an aesthetic solution that also enhances road safety – and this partnership is a brilliant example of how businesses can support communities and create a lasting, meaningful impact." Situated at a key artery connecting Amman's business, retail and tourism districts, the newly lit Shmeisani Circle serves thousands of commuters daily – making the upgrade both a symbolic and practical improvement to the city's infrastructure. Equiti remains committed to supporting the long-term growth of Jordan and the communities it serves around the world, championing innovation and strong partnerships to build a brighter future. About Equiti Equiti Group is a global leader in advanced trading technology, payment software, virtual assets, asset management and physical commodity solutions. With a presence across Africa, Asia, Europe and the Middle East, the Group is licensed in major financial jurisdictions including the UK, UAE and Cyprus. The Group delivers a best-in-class financial experience to clients across retail, professional, and institutional segments. Learn more at SOURCE Equiti Group
Zawya
an hour ago
- Zawya
QNB Egypt results support group's strong financial position
QNB Egypt achieved a consolidated net profit growth of EGP15.1bn, a year-on-year increase of 10% and the bank's standalone net profit was EGP14.8bn in the first half (H1) of 2025; demonstrating the QNB Group's strong financial position and the success of its strategy, supporting the sustainable growth its business in the region. QNB Egypt achieved a strong financial performance during H1, reflecting its ability to build on the ongoing success achieved through its international branches and subsidiaries present in more than 28 countries and three continents around the world. "Our continued success is built on solid foundations supported by the strategic diversification of our services across different geographies. This enhances our ability to adapt and grab promising opportunities, in line with QNB Group's strategic goal to grow its market share in international markets," said Heba al-Tamimi, senior executive vice-president, QNB Group Communications. She said its business model has demonstrated strength and resilience against challenges, enhancing the group's financial stability and consistent performance, with a focus on achieving sustainable growth and delivering a long term value to its customers and shareholders. Mohamed Bendier, QNB Egypt chief executive officer, said the financial performance indicators demonstrate a significant leap in growth rates across all business sectors, enabling QNB Egypt to maintain a strong financial position and outstanding performance. "These results are a direct reflection of the strong performance of QNB Group, confirming our leadership in the Egyptian banking sector and contributing to achieving a larger market share," he said. The total loans and advances portfolio increased by EGP42bn, reaching EGP407bn, marking an 11% growth compared to December 2024. Customer deposits reached EGP700bn as at the end of June 2025, an increase of EGP20bn and a 3% growth compared to December 2024, driven by growth across all business lines. Total consolidated assets increased to EGP844bn as at the end of June 2025, an increase of EGP24bn compared to December 2024, a 3% growth. The bank also maintained a capital adequacy ratio of 24.3%, thanks to the implementation of optimal credit policies. The non-performing loan ratio reached 5.23% as at the end of June 2025, while the provision coverage ratio for substandard loans reached 107%. These positive results confirm the efficiency and flexibility of QNB Egypt's executive policies and procedures, which have enabled it to develop its operations and enhance its competitiveness and market share in Egypt through its branch network, which now amounts to 236 branches following the recent opening of its new branch in New Alamein City. The bank's strong financial performance was also reflected in the 11 international awards received this year from prestigious global financial institutions, further affirming its commitment to banking innovation across various sectors and supporting financial inclusion and sustainable economic development. QNB Group currently ranks as the most valuable bank brand in the Middle East and Africa. Through its wide network of subsidiaries and associate companies, the Group provides a comprehensive range of advanced products and services. The total number of employees exceeds 30,000, operating from approximately 900 locations, with an ATM network of more than 4,800 machines. © Gulf Times Newspaper 2025 Provided by SyndiGate Media Inc. (
