SharePoint Zero‑Day Lets Attackers Seize Entire Servers
The flaw, tracked as CVE‑2025‑53770, allows attackers to bypass authentication entirely by exploiting a deserialization weakness in SharePoint server code. They can upload malicious ASPX web‑shells, extract machine and cryptographic keys and gain persistent access—even after patches are applied. Widely referred to as 'ToolShell,' the exploitation chain leverages two prior Pwn2Own vulnerabilities and has been weaponised in real‑world attacks.
Eye Security conducted scans of over 8,000 on‑premise SharePoint servers and detected dozens of compromised instances beginning around 18 July 2025. Palo Alto's Unit 42 also confirmed global exploitation patterns consistent with ToolShell, including theft of internal keys to enable forged requests like VIEWSTATE reuse.
ADVERTISEMENT
Microsoft confirmed attacks affecting at least SharePoint Subscription Edition and SharePoint 2019. Emergency patches—KB5002768 and KB5002754—are available for these versions, though SharePoint 2016 remains unpatched for the moment. Microsoft is working to finalise updates for the 2016 edition as soon as possible.
Cybersecurity agencies worldwide—CISA, FBI and equivalents in Canada and Australia—are coordinating assessments and urging immediate mitigation. Organisations still operating internet‑facing SharePoint servers are being strongly advised to install patches without delay, enable the Antimalware Scan Interface and deploy Defender Antivirus or equivalent protection. If AMSI cannot be enabled, servers should be disconnected from external networks until updates are applied.
Victims of the exploitation have spanned U. S. federal and state agencies, universities, energy firms and international governments—including in Spain, Brazil, Germany, France, Australia, UAE and Oman. One U. S. state reported deletion of public documents following the intrusion, and stolen machine‑keys allow adversaries to bypass patches through forged authentication tokens.
Researchers emphasise that applying patches alone is insufficient. Affected organisations must rotate ASP. NET machine‑keys, reset cryptographic secrets and undertake full compromise assessments to detect residual backdoors. The compromise of SharePoint servers also elevates risk across integrated services like Outlook, Teams and OneDrive, facilitating password harvesting, lateral movement and broader breaches.
The vulnerability's severity is underscored by its CVSS score of 9.8 and its rapid transition from proof‑of‑concept at Pwn2Own Berlin to real‑world exploitation in just weeks. Microsoft's acknowledgment of both CVE‑2025‑53770 and CVE‑2025‑53771 highlights their connection to earlier flaws now weaponised beyond the scope of Patch Tuesday fixes.
With tens of thousands of on‑premise SharePoint servers still exposed to external traffic, the threat remains urgent. Industry experts warn that organisations must act now to prevent further data theft, system takeover and persistent intrusion.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Zawya
an hour ago
- Zawya
BRIDGE Roadshow lands in Shanghai as UAE spearheads global dialogue to redefine the future of media
Dr. Jamal Mohammed Obaid Al Kaabi: China is a leading model in media innovation and shaping global narratives BRIDGE Roadshow in Shanghai highlights China's role in shaping the new media landscape. Global voices gather in Shanghai to explore innovation, responsibility, and more balanced media perspectives. Sessions explored new horizons for media collaboration, drawing on innovation, smart technologies, and cultural diplomacy to shape a more balanced and impactful global media landscape. SHANGHAI, China: The BRIDGE Roadshow continues its momentum as Shanghai, China, hosts the latest stop in its global journey, bringing together leaders from media, technology, business, finance, and public policy to explore the evolving role of media and information ecosystems. The event serves as a critical milestone in the lead-up to the BRIDGE Summit 2025 - the largest platform uniting media, cultural and creative content creators, leaders, and decision-makers to transform how the world communicates, set to take place in Abu Dhabi, from 8 - 10 December 2025. Following the successful events in New York, London, and Osaka, Shanghai becomes the latest hub for the global conversation on how today's information dynamics are reshaping economies, governance, culture, and public trust. At this pivotal gathering, leading voices from Asia and beyond came together to discuss the region's growing influence on global media and culture, and to examine the role of innovation and responsibility in the fast-changing media landscape. Shanghai: Spotlight on innovation and media leadership Shanghai provided a dynamic backdrop for the BRIDGE Roadshow, aligning with the city's prominent role in the global media and tech landscape. In the presence of His Excellency Abdulla bin Mohammed bin Butti Al Hamed, Chairman of the UAE National Media Office and the UAE Media Council, His Excellency Muhannad Sulaiman Al Naqbi, Consul General of the United Arab Emirates in Shanghai, and His Excellency Khalid Al Shehhi, Deputy Ambassador of the Embassy of the United Arab Emirates in China, the event attracted leaders from across media, technology, and business to discuss how innovation, technology, and cultural influence are converging in the global media narrative. A central theme of the Shanghai event focused on the role of innovation in media and how China's platforms and creators are reshaping the global media landscape. A key discussion, moderated by John Darling, Co-Founder & CEO, Creative Capital Ventures, centred on whether Chinese stories could shape the international narrative, considering how China's unique position in global media offers new opportunities for soft power. The panellists, including Joleen Liang, Co-Founder & President of Squirrel AI Learning, Zengxin Li, Deputy General Manager of Caixin Global, and Dennis Potgraven, Chief Strategy Officer of WPP Media China, explored the challenges and opportunities of this dynamic. They discussed how Chinese platforms are influencing perceptions both locally and globally, with an emphasis on how these platforms are redefining what it means to tell a story in today's interconnected world. Another central theme in Shanghai was the potential of gaming as the next frontier of cultural influence. A talk, led by Fangda Wan, Founder & General Partner of Gam3Girl Ventures, discussed how China's gaming industry is rapidly evolving into a nearly $50 billion market, offering new ways to blend technology with culture. Speakers examined how gaming is becoming a powerful force in global media, allowing for new forms of storytelling that merge traditional Chinese narratives with cutting-edge technology. H.E Abdullah bin Mohammed Al Hamed: The world needs a comprehensive intellectual vision that reaffirms the humanistic and civilisational role of media H.E. Abdulla bin Mohammed bin Butti Al Hamed, Chairman of the National Media Office and Chairman of the UAE Media Council, emphasised that the Shanghai stop of the BRIDGE Roadshow marks a defining moment, highlighting China's dynamic media and cultural landscape and its growing impact on shaping global narratives. The Chairman stressed that the challenges facing global media today are not limited to tools or platforms, but extend to the overarching vision guiding them. While technologies continue to evolve rapidly, there remains a pressing need for a comprehensive intellectual outlook that reaffirms the media's humanistic and civilisational role as a platform for meaningful content and a key contributor to knowledge-based societies and future economies. H.E. also underlined that the Roadshow's path through New York, London, Osaka, and now Shanghai reflects the UAE's deep-rooted commitment to cultivating more balanced and inclusive global media perspectives. This effort is rooted in the UAE's core belief in building bridges of communication and fostering meaningful cultural exchange. The Chairman concluded by stating that the discussions held during the Shanghai stop will help enrich the agenda of the upcoming Bridge 2025 Summit in Abu Dhabi, which will serve as a platform bringing together media decision-makers and influence alliances, aiming to explore the future of media and strengthen its role as a partner in development, innovation and global understanding. Dr. Jamal Mohammed Obaid Al Kaabi: China is a leading model in media innovation and shaping global narratives For his part, H.E. Dr. Jamal Mohammed Obaid Al Kaabi, Director-General of the UAE National Media Office, shared his perspective on the evolving media ecosystem: 'As the media landscape continues to evolve at an unprecedented pace, China's innovative leadership in media and cultural industries is playing a pivotal role in shaping global narratives. Through a unique blend of tradition and cutting-edge technology, Chinese platforms and creators are expanding the boundaries of soft power, offering diverse perspectives that are reshaping how news and stories are consumed around the world. BRIDGE provides an essential platform to bring together leaders and innovators from across the globe, helping to ensure that the stories we tell remain authentic, inclusive, and impactful.' Connecting conversations: Expanding on the global dialogue The BRIDGE Roadshow series is designed to fuel an ongoing discussion about the future of media. Each stop contributes to Connecting Conversations, an evolving series of insights that will inform the programming and partnerships for BRIDGE Summit 2025 in Abu Dhabi. In New York, the focus was on AI's role in ensuring trust in media, while London explored narrative diplomacy and the responsibility of media in cross-border relations. Osaka, which preceded Shanghai, placed a strong emphasis on media innovation and the ethical use of generative AI. Osaka, which marked the third stop on the roadshow after New York and London, explored themes of AI, media innovation, and cultural authenticity, setting the stage for Shanghai to dive deeper into China's role in shaping global narratives. In Shanghai, with its dynamic creative economy, further explored the delicate balance between technological advancement and cultural authenticity in the media space. The roadshow continues to build momentum, offering new perspectives on how media, technology, and culture intersect in a rapidly transforming world. BRIDGE Summit 2025: Where influence meets impact BRIDGE Summit 2025 will serve as a space for content creators, artists, influencers, and agencies — those who know how to engage — to join forces with government entities, investors, and corporations — those who have the power to shape change. By bridging these two worlds, the summit will unlock purpose-driven collaborations that shape public perception and influence behaviour across borders. This is where thought leadership meets business innovation — providing the space and tools for a new generation of global communicators to co-create solutions that transcend entertainment and drive tangible, lasting impact. Registrations for BRIDGE Summit 2025 are now open at
Gulf Today
2 days ago
- Gulf Today
Microsoft becomes second company to reach $4 trillion valuation
Microsoft has become the second company in history to surpass a market capitalisation of US$4 trillion, following sustained momentum in its stock performance. Chipmaker Nvidia continues to lead the market with a valuation of US$4.4 trillion. Microsoft's strong showing was driven by a surge in its share price following robust quarterly results, with accelerated growth reported in the financial quarter ending in June. The company's stock rose by as much as five percent at the start of trading in the United States, propelled by significant gains in artificial intelligence and cloud computing services. In the most recent quarter, Microsoft's revenue increased by 18 percent, exceeding US$76 billion, while net profit rose by 25 percent to reach US$27 billion. WAM
The National
2 days ago
- The National
Mercedes adding Microsoft Teams to its cars feels like a meeting invitation nobody asked for
As if being stuck in traffic or missing an exit wasn't stressful enough, Mercedes-Benz has now decided to add Microsoft Teams to its vehicles, starting with its new CLA model. The collaboration between the German car company and the US tech giant feels not just confusing, but completely unnecessary. After all, nothing screams luxury like the ability to join a meeting mid-commute. But in all seriousness, this seems like a bad idea for many reasons. The most obvious concern is safety. Mercedes insists a camera, which will be built into the screen above the central display, won't distract drivers, but can that be true? When the car is in motion, drivers can't see the meeting but can still hear it, while colleagues and bosses can still see them. But why is that necessary? More importantly, why add another potential distraction to a space where even a momentary lapse in focus can be dangerous? Most road safety experts agree that even small distractions can dramatically increase the risk of accidents, so it doesn't feel right to normalise conference calls while on the go. Then, there's the absurdity of it all. Who asked for this? Did a survey reveal Mercedes owners begging for the ability to hop into a Teams meeting during their commute? Or is this for people so dedicated to their work that they feel the need to always be on call? Unless you're in a life-saving profession, I can't imagine that being necessary. And honestly, what kind of experience does this create? Imagine being stuck in traffic, the AC fighting off the summer heat, when your boss pops up on your car dashboard to ask about an unanswered email. Having a high-end car once meant comfort, freedom and maybe even a little indulgence. Now, apparently, it means bringing the office along for the ride. This leads to another big problem: how much it blurs the line between work and personal life. The pandemic pushed work into our homes. Do we really need it invading our cars, too? In Germany, where Mercedes is based, labour laws acknowledge this issue with measures aimed at protecting employees from the expectation of being constantly available. So it's a bit strange that the company is now designing cars that make it easier to be "always on". Sure, there's something to be said for being successful enough to afford a Mercedes-Benz with Microsoft Teams built in, but if that's the measure of success, I'm not sure I want it. These days, the world already feels hectic and stressful. People need to protect their mental health, and one of the best ways to do that is by setting boundaries to maintain a healthy work-life balance. Cars can be a buffer between work and home. When I'm in mine, it's time to myself, when I can listen to relaxing music or a podcast, or just be alone with my thoughts. If I suddenly heard the Microsoft Teams ringtone go off in my car, whatever Zen mode I was in would immediately be ruined. Psychologists often say that downtime, even the short drive between work and home, is vital for mental decompression. Are we sure we want to get rid of that? This isn't about just a new 'innovative' car feature, but about the start of a slippery slope where tech slowly infiltrates even more aspects of our lives. Today it's Microsoft Teams in the car, maybe tomorrow it's Slack on the bathroom mirror or Zoom on the refrigerator. At what point do we draw the line and say 'enough'? Technology was supposed to make our lives easier, not turn every spare moment into another chance to clock in. Mercedes might believe this is innovation, but it's a mistake. We need to ask: are these features making our lives better or just erasing the last spaces we had left for ourselves?
