Microsoft Issues Urgent Security Patch For SharePoint After "Active Attacks"
Tech giant Microsoft has issued urgent security patch after observing "active attacks" on server software used by government agencies and businesses to share documents within organisations.
According to Microsoft, the vulnerabilities apply only to SharePoint servers used within organisations. SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks, the organisation informed.
"Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update," said the tech giant in ints security advisory.
The company recommended security updates that customers should apply immediately.
The US Federal Bureau of Investigation (FBI) also said it is aware of the attacks and is working closely with its federal and private-sector partners.
The vulnerability is related to a case of remote code execution that arises due to the deserialization of untrusted data in on-premise versions of Microsoft SharePoint Server.
Microsoft said the current published content is correct and that the previous inconsistency does not impact the company's guidance for customers.
"After applying the latest security updates above or enabling AMSI, it is critical that customers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers," Microsoft said.
"If you cannot enable AMSI, you will need to rotate your keys after you install the new security update," its added.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added 'CVE-2025-53770' vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 21, 2025.
"Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. Customers should apply these updates immediately to ensure they're protected," said the company in its security update.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Hindustan Times
38 minutes ago
- Hindustan Times
This country's government is urging people to delete old photos to avoid drought: Here's why
Should you ever delete a photo to save water? Sounds odd. Yet a real government advisory in the UK suggested exactly that during a dry summer. It sparked jokes online, but also a fair question for all of us who live in the cloud. Your photos sit in buzzing server halls that need cooling. In a drought, even the cloud's hidden water use is in focus.(Unsplash) Why the cloud shows up in a drought Most of our pictures and emails sit in data centres. These are giant buildings full of servers that run hot. Cooling them safely needs a lot of water in many sites. Independent studies have tried to quantify this. Research from Oxford-linked academics estimates that a modest 1 megawatt facility can use tens of millions of litres of water each year for cooling alone. Utilities figures and company disclosures show the picture varies by region. Some operators now use recycled or non potable water. Others are switching to air or evaporative cooling depending on local rules and weather. Big tech is under pressure to shrink this footprint. Google has trialled recycled wastewater for cooling in places like Douglas County in Georgia. Microsoft tested an underwater data centre to tap ambient cooling. Cloud firms also publish metrics such as water usage effectiveness to show progress. The overall trend is clear. Our digital lives have a physical cost. As AI use grows, compute demand rises, so power and cooling needs can rise too unless designs change. So does deleting photos help? For an individual, deleting a few holiday albums does not refill a reservoir. At scale, data hygiene can still matter. Less storage used can reduce the need for extra racks and cooling in the long run. The more immediate wins are practical. Fix leaks at home. Take shorter showers. Delay washing cars. Those save more water today. If you still want to tidy your digital life, look for cloud providers that disclose water and energy metrics, and that prioritise recycled water where local supply is tight. In short, the UK tip was clumsy, not baseless. It tried to connect daily habits with hidden costs. If you are a photographer or creator sitting on terabytes, curating duplicates and rejects is good practice anyway. For everyone else, balance the message. Keep your memories. Be mindful of where you store them. And push providers to build in ways that use less fresh water as heatwaves get more common.
Time of India
an hour ago
- Time of India
Changes in tax on lumpsum and premature withdrawals under UPS and NPS in the latest version of Income Tax Act, 1961
Income tax exemptions for UPS Academy Empower your mind, elevate your skills Finance minister Nirmala Sitharaman introduced the Taxation Law (Amendment) Bill, 2025, in today's Lok Sabha session. This Bill aims to amend the Finance Act, 2025 and the Income Tax Act, 1961. The main focus of these changes is to align the tax treatment of UPS ( Unified Pension Scheme ) with that of NPS ( National Pension System ). Here are some key updates included in the Taxation Law (Amendment) per the bill, any payment made from the NPS Trust to a UPS subscriber, which does not exceed 60% of the individual's corpus at the time of superannuation, voluntary retirement or retirement, shall be exempt from income to the bill, 'any payment from the National Pension System Trust to an assessee, who is a subscriber to the Unified Pension Scheme, to the extent that it does not exceed sixty per cent of the individual corpus, as specified in notification number FX-1/3/2024-PR, dated the 24th January, 2025 of the Department of Financial Services, made at the time of his superannuation or voluntary retirement or retirement under clause (j) of rule 56 of the Fundamental Rules [which is not treated as penalty under the Central Civil Services (Classification, Control and Appeal) Rule.'According to the bill, 'any sum received as a lump sum amount as per clause (vi) of paragraph 2 of the notification number FX-1/3/2024-PR, dated the 24th January, 2025, of the Department of Financial Services, by an assessee being a subscriber to the Unified Pension Scheme will also be tax exempt.'As per law, a lump sum payment will be allowed on superannuation at the rate of 10% of monthly emoluments (basic pay + Dearness Allowance) for every six months of qualifying service you complete. Moreover, this lump sum payment will not affect the amount of assured bill further adds that, 'where any amount standing to the credit of the assessee, being a subscriber to the Unified Pension Scheme, in his account referred to in sub-section (1) or sub-section (1B), in respect of which a deduction has been allowed under those sub-sections or sub-section (2), together with the amount accrued thereon, if any, is received by the assessee or his nominee, in whole or in part, in any previous year on account of his superannuation or voluntary retirement or retirement under clause (j) of rule 56 of the Fundamental Rules [which is not treated as penalty under the Central Civil Services (Classification, Control and Appeal) Rules, 1965], as may be applicable, the whole of the amount shall be deemed to be the income of the assessee or his nominee, as the case may be, in the previous year in which such amount is received, and shall accordingly be charged to tax as income of that previous year.'Simply put, if the UPS subscriber or their nominee receives any amount from the scheme before their superannuation, retirement or voluntary retirement, it will be treated as income in the hands of the individual and taxed CA Ashish Niraj, Partner, A S N & Company Chartered Accountants explains, this sub-section has been inserted to clarify that in case the assesee closes the account or opts out of the pension scheme referred to in sub-section (1) or sub-section (1B), then such amount will be deemed to be his income in that previous year and will be CA Mohit Gupta, 'if an assessee (subscriber to the Unified Pension Scheme) receives any amount (including accrued income) from their pension account—where deductions were claimed earlier under Section 80CCD(1), (1B), or (2)—on superannuation, voluntary retirement, or retirement under Rule 56(j) of the Fundamental Rules (not treated as penalty), the entire amount will be treated as taxable income in the year of receipt'.Additionally, if the remaining balance in the individual corpus is transferred to the pool corpus on his superannuation, voluntary retirement or retirement, it won't be treated as income for the taxpayer in that year. According to CA Ashish Niraj, Partner, A S N & Company Chartered Accountants, this is merely shifting funds from individual corpus to pool corpus for annuity purposes, and hence, does not invite Prabhakar K S, Founder & CEO, Shree Tax Chambers, "with effect from April 1, 2025, any amount received by an assessee or their nominee on superannuation or retirement will be considered income in the year it's received and will be charged to tax accordingly. A subscriber, upon attaining 60 years, can withdraw 60% of the total corpus as a lump sum, which is tax-free. The remaining 40% should be utilised to buy annuities. The annuity income is taxable as per the applicable income tax slab rates".
Hans India
an hour ago
- Hans India
Xbox App on Windows on Arm to Support Local Game Downloads
Microsoft is bringing a major upgrade to its Xbox app for Windows on Arm devices, enabling users to download and play ARM64-compatible games locally. Currently, Arm-powered PCs like the Qualcomm-based Surface Pro 12 only support cloud gaming via Xbox Cloud Gaming. With the latest update, now in testing for Windows Insiders, selected ARM64 titles from PC Game Pass and Xbox Game Pass Ultimate will be available for direct installation — a first for these devices. The move marks closer collaboration between Microsoft's Windows and Xbox teams to ensure broader compatibility across the Game Pass library. The company also revealed it is developing additional features to bring more games to Arm-based Windows 11 PCs in the coming months. An ARM64 version of the Xbox app has been available since 2022, but the lack of native Arm-compiled games limited its usefulness. Now, users can check the Windows on Arm Ready site to see which titles are optimised for smooth performance. While cloud gaming remains an option for unsupported titles, the new local download capability promises better responsiveness, reduced latency, and offline play — a welcome change for gamers on Arm devices.
