Microsoft Confirms Ongoing Mass SharePoint Attack — No Patch Available
Microsoft users are, once again, under attack. This time, the threat is not restricted to Outlook users, or involves a Windows browser-based security bypass, and unlike the recent Windows authentication relay attack vulnerability, there is no patch, no magic update, to remedy this one. Which is bad news for Microsoft SharePoint Server users, as CVE-2025-53770 is currently under confirmed 'mass attack' and on-premises servers across the world are being compromised. Here's what you need to know and do.
Microsoft Confirms CVE-2025-53770 SharePoint Server Attacks
It's been quite the few weeks for security warnings, what with Amazon informing 220 million customers of Prime account attacks, and claims of a mass hack of Ring doorbells going viral. The first of those can be mitigated by basic security hygiene, and the latter appears to be a false alarm. The same cannot be said for CVE-2025-53770, a newly uncovered and confirmed attack against users of SharePoint Server which is currently undergoing mass exploitation on a global level, according to the Eye Research experts who discovered it. Microsoft, meanwhile, has admitted that not only is it 'aware of active attacks' but, worryingly, 'a patch is currently not available for this vulnerability.'
CVE-2025-53770, which is also being called ToolShell, is a critical vulnerability in on-premises SharePoint. The end result of which is the ability for attackers to gain access and control of said servers without authentication. If that sounds bad, it's because it is. Very bad indeed.
'The risk is not theoretical,' the researchers warned, 'attackers can execute code remotely, bypassing identity protections such as MFA or SSO.' Once they have, they can then 'access all SharePoint content, system files, and configurations and move laterally across the Windows Domain.'
And then there's the theft of cryptographic keys. That can enable an attacker to 'impersonate users or services,' according to the report, 'even after the server is patched.' So, even when a patch is eventually released, and I would expect an emergency update to arrive fairly quickly for this one, the problem isn't solved. You will, it was explained, 'need to rotate the secrets allowing all future tokens that can be created by the malicious actor to become invalid.'
And, of course, as SharePoint will often connect to other core services, including the likes of Outlook and Teams, oh and not forgetting OneDrive, the threat, if exploited, can and will lead to 'data theft, password harvesting, and lateral movement across the network,' the researchers warned.
Mitigating The Microsoft SharePoint Server Attacks
While the Microsoft Security Response Center has stated that it is 'actively working to release a security update,' and will 'provide additional details as they are available,' there is no patch at the time of writing. In the meantime, it advised that customers should apply the following mitigations:'
Configure Antimalware Scan Interface integration in SharePoint and deploy Defender AV on all SharePoint servers. 'If you cannot enable AMSI,' Microsoft said, 'we recommend you consider disconnecting your server from the internet until a security update is available.'
I have approached Microsoft for a statement and will update this story with any further developments.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
12 minutes ago
- Yahoo
Equinix raises annual results forecast on steady data center demand
(Reuters) -Data center firm Equinix raised its forecast for annual results on Wednesday, signaling steady demand from its enterprise customers investing in AI solutions. The company has benefited from the increased demand for data center infrastructure amid a surge in artificial intelligence usage. Major cloud firms, including Google, have pledged significant investments this year to expand on AI, underscoring robust demand for AI-related products and solutions. Equinix provides organizations with secure, resilient and power-efficient environments to house their IT equipment within its data centers, while offering shared infrastructure and connectivity solutions. The company now expects annual revenue to be between $9.23 billion and $9.33 billion, compared with prior projection of $9.18 billion to $9.28 billion. It now expects annual per-share funds from operations, a key measure of cash flow, to be in the range of $37.67 to $38.48 per share, compared with previous forecast of $37.36 to $38.17. In the second quarter ended June 30, the company's revenue rose 4.6% to $2.26 billion, in line with estimates, according to data compiled by LSEG.
Yahoo
12 minutes ago
- Yahoo
Microsoft and Meta fuel $500-billion gain in AI stocks
By Noel Randewich (Reuters) -Wall Street's AI heavyweights added a combined half a trillion dollars in stock market value late on Wednesday after quarterly reports from Microsoft and Meta Platforms showed massive investments in the emerging technology were paying off. In extended trade, Microsoft jumped 8% and Meta surged 9%, with the two Magnificent Seven companies increasing their market values by $288 billion and $152 billion, respectively. Dominant AI chipmaker Nvidia, the world's most valuable company, climbed 1%, while Amazon, which reports its results on Thursday, added over 2%. Shares of the U.S. stock market's most valuable companies have surged in recent years as they race to dominate artificial intelligence, and their massive investments have left investors eager to see results. Fueling the late-day enthusiasm for AI-related stocks, Meta forecast quarterly revenue well ahead of Wall Street expectations and raised the lower end of its annual capital expenditures forecast by $2 billion, driven by its high-stakes push for "superintelligence" in the heated AI race. Microsoft also delivered a blowout quarterly report, with its Azure cloud-computing business powering revenue above Wall Street's expectations and showcasing the growing returns on its AI bets. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Geek Wire
13 minutes ago
- Geek Wire
Microsoft cut product R&D jobs, added operations roles over the past year, new filing confirms
Microsoft's global headcount remained steady at 228,000 employees over the past year, but the mix of roles changed notably, reflecting ongoing shifts in the company's workforce. Employment in product research and development declined by about 1,000 roles, falling to 80,000 employees worldwide as of June 30, the end of Microsoft's 2025 fiscal year. Meanwhile, the number of employees in operations roles rose by 3,000, to 89,000. Headcount in sales and marketing and general and administration fell by 1,000 each, to 44,000 and 15,000, respectively. The new numbers were disclosed Wednesday afternoon in the company's annual 10-K filing with the Securities & Exchange Commission, following its fourth quarter earnings report. The filings reflect an initial round of layoffs in May, affecting about 6,000 people, but not a larger round in early July, impacting about 9,000 workers, which took place just after the close of the company's fiscal year. Reports at the time of the initial layoffs said software engineers inside the company were impacted disproportionately by the cuts, although Microsoft has said that AI productivity gains were not a primary factor in the reductions. The company has continued hiring even with its job cuts, resulting in the flat year-over-year employment number overall. The numbers are rounded to the nearest thousand for purposes of the filing. PREVIOUSLY: In new memo, Microsoft CEO addresses 'enigma' of layoffs amid record profits and AI investments
