
Microsoft Issues Alert After Critical SharePoint Server Attacks
Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content.
Microsoft has issued an urgent security alert warning of "active attacks" targeting SharePoint servers used by government agencies and businesses worldwide.
The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators.
The Federal Bureau of Investigations (FBI) told Newsweek on Sunday that it is aware of the incidents and working with federal and private-sector partners to address the threat. The Washington Post first reported the hacks, citing unidentified actors who exploited the flaw to target U.S. and international agencies and businesses over the past few days.
Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) on Sunday via email for comment.
Why It Matters
This zero-day attack represents a significant cybersecurity threat to organizations relying on SharePoint for internal document management and collaboration.
The vulnerability affects government agencies, schools, healthcare systems including hospitals, and large enterprise companies, with attackers bypassing multi-factor authentication and single sign-on protections to gain privileged access.
What To Know
The vulnerability affects only on-premises SharePoint servers used within organizations, not Microsoft's cloud-based SharePoint Online service.
Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek in an email statement that "attackers are bypassing identity controls, including MFA and SSO, to gain privileged access. Once inside, they're exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys."
According to Sikorski, the attackers have already established footholds in compromised systems, making patching alone insufficient to fully remove the threat. The compromise extends beyond SharePoint due to its deep integration with Microsoft's platform, including Office, Teams, OneDrive and Outlook. "What makes this especially concerning is SharePoint's deep integration with Microsoft's platform," Sikorski said. "A compromise doesn't stay contained—it opens the door to the entire network."
Microsoft has released a security update for SharePoint Subscription Edition and is developing patches for 2016 and 2019 versions. The company recommends organizations that cannot immediately apply protective measures should disconnect their servers from the internet until updates become available.
FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash.
FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash.
(AP Photo/Jason Redmond, File
What People Are Saying
Microsoft Security Team in a statement: "We recommend security updates that customers should apply immediately."
Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek: "If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised at this point. This is a high-severity, high-urgency threat. We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response."
The Cybersecurity and Infrastructure Security Agency said on Sunday: "CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network."
The FBI told Newsweek in an email response that they are: "Aware of the attacks and working closely with federal and private-sector partners," though they declined to provide additional operational details.
What Happens Next
Organizations using affected SharePoint versions face immediate decisions about disconnecting servers from the internet until patches become available.
Palo Alto Networks is actively notifying affected customers and working closely with Microsoft's Security Response Center to provide updated threat intelligence. Microsoft continues developing patches for older SharePoint versions, with timeline details yet to be announced.
Hashtags

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
32 minutes ago
- Yahoo
FNZ Announces Strategic Partnership with Microsoft to Accelerate the Transformation of the Wealth Management Industry
FNZ and Microsoft have entered a global, five-year strategic partnership to accelerate digital transformation across the wealth management industry. The partnership strengthens FNZ's global platform by enhancing its AI, automation and cloud capabilities. The goal is to drive value for financial institutions and their clients by enhancing operational efficiency, accelerating innovation and increasing speed to market. The collaboration includes co-innovation, joint go-to-market initiatives and the development of new AI-powered digital wealth solutions. LONDON, July 28, 2025 /CNW/ -- FNZ, a leading end-to-end wealth management platform has today announced a global, five-year strategic partnership with Microsoft to transform the wealth management industry through technology, innovation and AI-driven digital solutions. The partnership combines FNZ's industry-leading technology, wealth management expertise and global reach with Microsoft's advanced AI capabilities, cloud infrastructure and engineering excellence. By integrating Microsoft Azure AI Foundry at the heart of its platform, FNZ is redefining how financial institutions, advisors and their clients interact by delivering more personalized, intelligent and resilient digital wealth management experiences. This collaboration with Microsoft accelerates this transformation by helping FNZ bring new solutions to market faster, enhance client outcomes, boost advisor productivity and drive innovation across industry. With more than 650 financial institution partners, over 26 million end investors and close to $2 trillion in assets under administration, FNZ brings scale to the partnership. This provides access to one of the largest wealth management data sets in the world, enabling the powerful application of AI, cloud technologies and analytics to deliver deeper insights, greater personalization and better outcomes for advisors, clients and institutions alike. Partnership Highlights Through the partnership, FNZ will work with Microsoft to deliver advanced AI tools, drive new technology development and collaborate on joint go-to-market initiatives, including: Creating a next-generation advisor and investor experience: FNZ will integrate Azure AI Foundry capabilities, including Azure OpenAI in Foundry Models, into its market-leading platform to provide enhanced personalization, greater efficiency and a next-generation user experience. Innovative applications for data and analytics: FNZ will utilize Microsoft Fabric to strengthen its data and analytics capabilities, delivering deeper insights tailored to the unique needs of wealth managers and advisors. Co-development and joint engineering: FNZ will develop new digital wealth solutions by embedding Azure AI Foundry into FNZ's global platform. Joint engineering teams will accelerate product innovation, enhance platform intelligence, and deliver secure, scalable services that strengthen risk management, compliance and resilience. FNZ will also deploy GitHub Copilot across its engineering teams to boost developer productivity and innovation. Resilience and scalability: By combining FNZ's market-leading platform and delivery capabilities with Microsoft's technologies and tooling, the partnership will help create more resilient, scalable and industrial-strength solutions for financial institutions. Enhancing operational efficiency: FNZ will also deploy Microsoft 365 Copilot and intelligent agents to support middle- and back-office processes. Global joint go-to-market: FNZ will collaborate with Microsoft on joint go-to-market activities, including the development and deployment of modular wealth solutions through multiple channels, including the Microsoft Marketplace, alongside coordinated global marketing initiatives and joint participation in industry events. Roman Regelman, Group President, FNZ, said: "FNZ has always been at the forefront of innovation in wealth-management technology. Partnering with Microsoft allows us to accelerate our AI-led roadmap and enhances our ability to deliver personalized, intelligent and resilient solutions to our clients, strengthening our position of leadership." "Together, we are not just upgrading technology. We are setting a new standard for how wealth management is delivered. Partnering with Microsoft further advances our mission to open up wealth, by making investing more accessible to more people worldwide." Bill Borden, Corporate Vice President, Worldwide Financial Services, Microsoft, said: "Our partnership brings together Microsoft's AI and cloud technologies with FNZ's global platform and expertise in wealth management to deliver insights that will lead to more impactful and personalized experiences for advisors and their clients. Together, we're helping financial institutions lead as Frontier Firms by reimagining their operations through agentic AI, accelerating innovation, and unlocking new value across the wealth management ecosystem." FNZ is backed by some of the world's largest institutional shareholders, including Caisse de dépôt et placement du Québec (La Caisse), Canada Pension Plan Investment Board (CPP Investments), Generation Investment Management and Motive Partners. CONTACT: fnz@ View original content: SOURCE FNZ; MICROSOFT View original content: Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data


Business Insider
an hour ago
- Business Insider
Alibaba's Jian says most current AI tech will be gone in decade, Bloomberg says
Wang Jian, the founder of Alibaba's (BABA) cloud and AI unit, believes nine-tenths of the technology and services that have appeared since Microsoft-backed (MSFT) OpenAI's ChatGPT started a revolution in AI will be gone in under a decade, Annabelle Droulers and Lauren Faith Lau of Bloomberg reports. 'Probably 90% of the AI people are talking about, I would say, will go away in five or 10 years because it's not really the essence of this technology,' Jian said, according to Bloomberg. 'But that's not bad, and it just helps us to explore.' Elevate Your Investing Strategy: Take advantage of TipRanks Premium at 50% off! Unlock powerful investing tools, advanced data, and expert analyst insights to help you invest with confidence.


The Verge
3 hours ago
- The Verge
Elon Musk says Samsung's mystery $16.5 billion AI chip deal is for Tesla.
Chip race: Microsoft, Meta, Google, and Nvidia battle it out for AI chip supremacy See all Stories Posted Jul 28, 2025 at 3:04 AM UTC Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates. Richard Lawler Posts from this author will be added to your daily email digest and your homepage feed. See All by Richard Lawler Posts from this topic will be added to your daily email digest and your homepage feed. See All Business Posts from this topic will be added to your daily email digest and your homepage feed. See All Electric Cars Posts from this topic will be added to your daily email digest and your homepage feed. See All Elon Musk Posts from this topic will be added to your daily email digest and your homepage feed. See All News Posts from this topic will be added to your daily email digest and your homepage feed. See All Samsung Posts from this topic will be added to your daily email digest and your homepage feed. See All Tech Posts from this topic will be added to your daily email digest and your homepage feed. See All Tesla Posts from this topic will be added to your daily email digest and your homepage feed. See All Transportation