
Microsoft SharePoint hack: CERT-In flags ongoing threat, follow these steps to secure your systems
On-premises deployments of SharePoint Server 2019 and SharePoint Enterprise Server 2016, as well as the subscription edition of the platform, have been affected in the hack, according to a CERT-In advisory issued on Tuesday, July 22, with a 'Critical' severity rating.
SharePoint is a web-based collaboration and document management platform developed by Microsoft. It allows organisations to create, manage, and share content and applications in a centralised environment.
All end-user organisations and individuals using affected Microsoft SharePoint Server installations are at risk of unauthorized access to sensitive data, remote code execution, and potential disruption of services, the cybersecurity watchdog said.
'A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system,' CERT-In said, adding that the vulnerabilities are being actively exploited in the wild.
CERT-In has published Vulnerability note on its website (22-07-2025)
Multiple vulnerabilities in Microsoft SharePoint Server https://t.co/4F7p2vqbNW
— CERT-In (@IndianCERT) July 22, 2025
The warning comes a day after researchers on Monday, July 21, uncovered a sweeping cyber espionage operation targeting Microsoft server software that has resulted in at least 100 organisations being compromised, according to a report by Reuters.
Most of the affected organisations are located in the United States and Germany, as per the Shadowserver Foundation, a California-based non-profit cybersecurity organisation. Microsoft issued an alert on July 19 about 'active attacks' on self-hosted SharePoint servers. However, SharePoint instances hosted on Microsoft's own servers were unaffected.
'Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers, which include both a validationKey and a decryptionKey. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution,' Satnam Narang, Senior Staff Research Engineer at Tenable, said in a statement to indianexpress.com.
It is not clear who is behind the ongoing 'zero-day' attack, a term for a hack carried out by exploiting a previously undisclosed vulnerability. However, Google researchers have tied at least some of the hacks to a 'China-nexus threat actor.'
In response, Microsoft has rolled out security updates and CERT-In, in its advisory, encouraged customers to install them in order to address the vulnerabilities. According to Narang, organisations can find out if their systems have been compromised in the hack by searching for indicators such as 'a file created on the vulnerable servers called spinstall0.aspx.'
In addition to applying the security updates, CERT-In suggested the following mitigation measures for affected organisations:
– Rotate the ASP.NET MachineKey values (ValidationKey and DecryptionKey) after applying the updates to invalidate any compromised credentials.
– Enable AMSI (Antimalware Scan Interface) integration in SharePoint to enhance detection of malicious activity.
– Deploy Microsoft Defender Antivirus or a compatible endpoint protection solution with updated signatures.
– Scan SharePoint directories (e.g., LAYOUTS folder) for unauthorized ASPX files such as spinstall0.aspx.
– Monitor systems for suspicious process activity such as w3wp.exe spawning cmd.exe or powershell.exe.
– Restrict external access to on-premises SharePoint servers where feasible until patched.
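
The two detection items in the list above (unauthorized ASPX files, and w3wp.exe spawning cmd.exe or powershell.exe), as an added Python example that is not part of the CERT-In advisory or this article. The baseline of known-good relative paths and the event dictionaries are assumptions made for illustration; the field names Image and ParentImage follow Sysmon process-creation events.

```python
import ntpath
import os

# Indicators named in the advisory text above.
KNOWN_BAD_NAMES = {"spinstall0.aspx"}
WEB_WORKER = "w3wp.exe"
SHELLS = {"cmd.exe", "powershell.exe"}


def find_unexpected_aspx(root, baseline):
    """Return sorted (relative_path, reason) for suspect .aspx files under root."""
    # baseline: assumed set of known-good relative paths from a clean install.
    known = {p.replace("\\", "/").lower() for p in baseline}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".aspx"):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if name.lower() in KNOWN_BAD_NAMES:
                hits.append((rel, "known indicator name"))
            elif rel.lower() not in known:
                hits.append((rel, "not in baseline"))
    return sorted(hits)


def find_shell_spawns(events):
    """Return events where the IIS worker process is the parent of a shell."""
    flagged = []
    for ev in events:
        # ntpath parses Windows paths correctly even when run on another OS.
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        child = ntpath.basename(ev.get("Image", "")).lower()
        if parent == WEB_WORKER and child in SHELLS:
            flagged.append(ev)
    return flagged


# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ParentImage": r"c:\windows\system32\inetsrv\W3WP.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe"},
]

if __name__ == "__main__":
    for ev in find_shell_spawns(SAMPLE_EVENTS):
        print("ALERT w3wp.exe ->", ev["Image"])
```

A file flagged as "not in baseline" is a lead to investigate rather than proof of compromise, since legitimate customisations also add ASPX pages.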