Microsoft Issues Alert After Critical SharePoint Server Attacks

Newsweek, 2 days ago
Microsoft has issued an urgent security alert warning of "active attacks" targeting SharePoint servers used by government agencies and businesses worldwide.
The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators.
The Federal Bureau of Investigation (FBI) told Newsweek on Sunday that it is aware of the incidents and working with federal and private-sector partners to address the threat. The Washington Post first reported the hacks, citing unidentified actors who exploited the flaw to target U.S. and international agencies and businesses over the past few days.
Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) on Sunday via email for comment.
Why It Matters
This zero-day attack represents a significant cybersecurity threat to organizations relying on SharePoint for internal document management and collaboration.
The vulnerability affects government agencies, schools, healthcare systems including hospitals, and large enterprise companies, with attackers bypassing multi-factor authentication and single sign-on protections to gain privileged access.
What To Know
The vulnerability affects only on-premises SharePoint servers used within organizations, not Microsoft's cloud-based SharePoint Online service.
Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek in an email statement that "attackers are bypassing identity controls, including MFA and SSO, to gain privileged access. Once inside, they're exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys."
According to Sikorski, the attackers have already established footholds in compromised systems, making patching alone insufficient to fully remove the threat. The compromise extends beyond SharePoint due to its deep integration with Microsoft's platform, including Office, Teams, OneDrive and Outlook. "What makes this especially concerning is SharePoint's deep integration with Microsoft's platform," Sikorski said. "A compromise doesn't stay contained—it opens the door to the entire network."
Microsoft has released a security update for SharePoint Subscription Edition and is developing patches for 2016 and 2019 versions. The company recommends that organizations that cannot immediately apply protective measures disconnect their servers from the internet until updates become available.
FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash. (AP Photo/Jason Redmond, File)
What People Are Saying
Microsoft Security Team in a statement: "We recommend security updates that customers should apply immediately."
Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek: "If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised at this point. This is a high-severity, high-urgency threat. We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response."
The Cybersecurity and Infrastructure Security Agency said on Sunday: "CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as 'ToolShell,' provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network."
The FBI told Newsweek in an email response that they are: "Aware of the attacks and working closely with federal and private-sector partners," though they declined to provide additional operational details.
What Happens Next
Organizations using affected SharePoint versions face immediate decisions about disconnecting servers from the internet until patches become available.
Palo Alto Networks is actively notifying affected customers and working closely with Microsoft's Security Response Center to provide updated threat intelligence. Microsoft continues developing patches for older SharePoint versions, with timeline details yet to be announced.