Latest news with #CVE-2025-53771


Tom's Guide
23-07-2025
The SharePoint flaw has now hit over 400 companies including a US nuclear administration
The SharePoint vulnerabilities that Microsoft released emergency patches for earlier this week, tracked as CVE-2025-53770 and CVE-2025-53771, have been exploited much more widely than previously thought. As reported by Bloomberg, the number of companies and organizations affected by the two exploits has grown to more than 400 in just a few days.
Dutch cybersecurity company Eye Security, which noticed some of the early attacks, said the hackers involved have now breached government agencies, corporations and groups from around the world, including the U.S., Europe, Asia and the Middle East.
One of the highest-profile agencies involved is the National Nuclear Security Administration, a U.S. agency that maintains the nation's stockpile of nuclear weapons. Others include the U.S. Department of Education, Florida's Department of Revenue, and the Rhode Island General Assembly. Affected organizations include government agencies, education departments and technology services.
The SharePoint vulnerabilities give threat actors access to those servers in order to steal keys that would allow them to impersonate users or services in phishing attacks. This means they could potentially gain access to networks where they could steal data, even data of a confidential or sensitive nature.
Though Microsoft has issued patches to fix the flaws, researchers have cautioned that hackers may have already gained access to many of the targeted servers. The Eye Security researchers have cautioned that the number of companies hacked may still grow, as there are ways to compromise servers that do not leave traces, and that other "opportunistic" hackers may continue to exploit vulnerable servers.
Companies that have not yet patched their SharePoint servers should do so immediately, following Microsoft's instructions, which include rotating machine keys and analyzing the logs and file system for signs of exploitation.
Microsoft has pointed the finger at both the Linen Typhoon and Violet Typhoon groups as being behind these attacks; both are said to be Chinese state-sponsored hacking groups. A third China-based hacking group, referred to as Storm-2603, is also said to have used the exploit in the wild.


Tom's Guide
21-07-2025
Microsoft releases emergency security updates to fix SharePoint zero-day flaws — everything you need to know
Microsoft has released two emergency patches to address zero-day SharePoint RCE vulnerabilities. Actively exploited in attacks, the two flaws (tracked as CVE-2025-53770 and CVE-2025-53771) are both 'ToolShell' attacks that compromise services and that build on flaws that were fixed as part of July's Patch Tuesday updates.
As reported by Bleeping Computer, the new flaws were exploited by researchers back in May at a Berlin hacking contest. They did so by using a vulnerability chain that enabled the researchers to achieve remote code execution in Microsoft SharePoint. Threat actors were then able to use zero-day flaws that built on the patches from previous issues and have been conducting ToolShell attacks on SharePoint servers that have directly affected over 50 organizations.
The emergency patches that Microsoft has pushed out fix both flaws in Microsoft SharePoint Subscription Edition and SharePoint 2019, but there is currently no fix available for SharePoint 2016. Administrators should install the available updates immediately, then rotate the machine keys and consider analyzing the logs and file system for the presence of malicious files or any evidence of exploitation.