
Latest news with #MicrosoftSharePointServer

Indian Govt Warns Businesses Over Microsoft Sharepoint Server Security Risk

News18

24-07-2025


Microsoft has warned businesses about the security issue and now the Indian government has raised its own alert.

The Indian government has issued its own security warning over the recent Microsoft SharePoint Server risk that the company officially flagged earlier this week. The new bulletin from the Indian Computer Emergency Response Team (CERT-In) this week says businesses using the Microsoft enterprise server platform could be hacked using the series of vulnerabilities that Microsoft has discovered. This platform enables organisations to share documents within their network, and leaving them vulnerable could pose a major risk for companies and government agencies.

The new CERT-In bulletin regarding the SharePoint Server issue, dated July 22, comes with a critical rating. The alert says, "Multiple vulnerabilities have been reported in Microsoft SharePoint Server, which could be exploited by a remote attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system."

The security issue is primarily linked to the on-premises servers set up by companies, and the cloud-based version is not vulnerable to these issues. However, the security agency says "all end-user organisations and individuals using affected Microsoft SharePoint Server installations" can become the target of hacking attempts.

Microsoft's own report says the vulnerability impacts major versions of the SharePoint Server 2010 and 2013 editions. "Customers using SharePoint Subscription Edition should apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability," the post adds.

Microsoft is advising its customers to upgrade to SharePoint Server 2016, 2019, and SharePoint Subscription Edition, which will completely protect them from the latest attacks. The platform is not of use to general users, but businesses will have no option but to act on the company's guidance to protect their data from being hacked.
First Published: July 24, 2025, 07:30 IST

Critical SharePoint zero-day flaw exploited, urgent actions urged

Techday NZ

22-07-2025


A critical zero-day vulnerability in Microsoft SharePoint Server, identified as CVE-2025-53770, has been actively exploited by threat actors and now poses a significant security risk to organisations operating on-premises SharePoint environments. Security researchers and technology companies have raised urgent concerns about the sophistication and reach of the campaign, which has been dubbed "ToolShell" and enables remote code execution (RCE), system compromise, and persistent backdoor access - even in environments protected by measures such as multi-factor authentication (MFA).

According to Adrian Culley, Senior Sales Engineer at SafeBreach, the situation is particularly serious because the attacks exploiting this vulnerability commenced before any security patches were made available, placing it in the most dangerous category of threats to enterprise infrastructure. "This CVE represents a critical security incident: it was exploited as a zero-day vulnerability in active attacks against production systems before any patches were available - the most severe type of threat organisations face," Culley stated.

Further complicating the response, there is currently no single remediation patch for the vulnerability. Microsoft has taken the unusual and cautionary step of advising organisations to assume their systems may already be compromised, and to immediately conduct comprehensive investigations to verify the integrity of their environments. This approach is rarely adopted in public advisory language, and reinforces the gravity of the incident.

SharePoint Server 2016 installations face unique challenges due to the absence of technical fixes at present. Organisations running these environments are being told to lean on breach and attack simulation, alongside current security controls, to gauge their exposure. Culley recommended, "Proactive defence requires targeted hardening measures and resilience improvements to prevent falling victim to this sophisticated attack vector."

Analysis from Mandiant Consulting, part of Google Cloud, indicates that this exploit is being used by multiple threat actors, including groups linked to China. Charles Carmakal, CTO at Mandiant Consulting, stressed the breadth of the threat landscape: "We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor. It's critical to understand that multiple actors are now actively exploiting this vulnerability." Carmakal warned that further threat actors are expected to join as awareness and knowledge of the exploit spreads, increasing the urgency for defensive actions.

Google's Threat Intelligence Group has observed attackers leveraging CVE-2025-53770 to install webshells and exfiltrate sensitive cryptographic secrets from compromised servers. This enables unauthenticated, long-term access to targeted systems, putting confidential data and business operations at risk.

In its emergency guidance, Microsoft clarified that this vulnerability currently affects only on-premises versions of SharePoint Server. Organisations using SharePoint Online as part of Microsoft 365 are not impacted. For those running on-premises servers exposed to the internet, immediate action is advised. Experts recommend implementing Microsoft's mitigation advice, closely monitoring systems for signs of compromise, and preparing to deploy an emergency patch as soon as it becomes available.

Carmakal summed up the reality facing organisations: "This isn't an 'apply the patch and you're done' situation. Organisations need to implement mitigations right away (and the patch when available), assume compromise, investigate whether the system was compromised prior to the patch/mitigation, and take remediation actions."

Given the current lack of a comprehensive patch, vigilance in monitoring, rapid application of mitigations, and thorough investigative processes will be mandatory in defending against the expanding wave of exploitation. Security professionals emphasise that building resilience and continually reviewing security postures are critical as the situation evolves and more actors target the vulnerability.

Microsoft SharePoint hack: CERT-In flags ongoing threat, follow these steps to secure your systems

Indian Express

22-07-2025


CERT-In, India's nodal cybersecurity agency, has flagged multiple vulnerabilities in Microsoft SharePoint Server that have been actively exploited by hackers to access sensitive user data or compromise systems through spoofing attacks.

SharePoint Server 2019 and SharePoint Enterprise Server 2016 as well as the subscription edition of the platform deployed by organisations on-premises have been affected in the hack, according to a CERT-In advisory issued on Tuesday, July 22, with a 'Critical' severity rating.

SharePoint is a web-based collaboration and document management platform developed by Microsoft. It allows organisations to create, manage, and share content and applications in a centralised environment.

All end-user organisations and individuals using affected Microsoft SharePoint Server installations are at risk of unauthorized access to sensitive data, remote code execution, and potential disruption of services, the cybersecurity watchdog said.

'A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system,' CERT-In said, adding that the vulnerabilities are being actively exploited in the wild.

CERT-In has published Vulnerability note on its website (22-07-2025) Multiple vulnerabilities in Microsoft SharePoint Server https:// — CERT-In (@IndianCERT) July 22, 2025

The warning comes a day after researchers on Monday, July 21, uncovered a sweeping cyber espionage operation targeting Microsoft server software that has resulted in at least 100 organisations being compromised, according to a report by Reuters. Most of the affected organisations are located in the United States and Germany, as per the Shadowserver Foundation, a California-based non-profit cybersecurity organisation.

Microsoft on July 19 issued an alert about 'active attacks' on self-hosted SharePoint servers. However, SharePoint instances run off of Microsoft servers were unaffected.

'Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers, which include both a validationKey and a decryptionKey. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution,' Satnam Narang, Senior Staff Research Engineer at Tenable, said in a statement to

It is not clear who is behind the ongoing 'zero-day' attack, which is a hack that is carried out by exploiting a vulnerability that was previously undisclosed. However, Google researchers have tied at least some of the hacks to a 'China-nexus threat actor.'

In response, Microsoft has rolled out security updates and CERT-In, in its advisory, encouraged customers to install them in order to address the vulnerabilities.

According to Narang, organisations can find out if their systems have been compromised in the hack by searching for indicators such as 'a file created on the vulnerable servers called

In addition to applying the security updates, CERT-In suggested the following mitigation measures for affected organisations:

– Rotate the MachineKey values (ValidationKey and DecryptionKey) after applying the updates to invalidate any compromised credentials.
– Enable AMSI (Antimalware Scan Interface) integration in SharePoint to enhance detection of malicious activity.
– Deploy Microsoft Defender Antivirus or a compatible endpoint protection solution with updated signatures.
– Scan SharePoint directories (e.g., LAYOUTS folder) for unauthorized ASPX files such as
– Monitor systems for suspicious process activity such as spawning or
– Restrict external access to on-premises SharePoint servers where feasible until patched.

Microsoft Issues Emergency Update As Global Server Hacks Confirmed

Forbes

21-07-2025


Microsoft SharePoint Server emergency security update now available.

Every security team's nightmare came true over the weekend: a global zero-day Microsoft server exploit without a patch. What's more, one that enables the attackers to execute code remotely, bypass identity protections such as multi-factor authentication and access system files before moving across the Windows domain. The servers in question are on-premises Microsoft SharePoint Server installations, and the critical exploit is detailed as CVE-2025-53770. Late on Sunday, July 20, Microsoft issued an emergency security update, but this alone is not, security researchers have warned, enough to fully stop the threat itself. Here's what you need to know and do, right now.

Microsoft Confirms Global SharePoint Server Hack Attack — Issues Emergency Security Update

CVE-2025-53770 is a newly discovered, critical, SharePoint Server zero-day exploit that is impacting Microsoft customers on a global scale, according to the Eye Research team behind the disclosure. The immediate impact of the exploit has been felt by those deploying on-premises, rather than SharePoint Online in Microsoft 365, SharePoint Server installations. Reports suggest that government users, hospitals and educational facilities, along with large enterprises, are most at risk.

As I reported July 20, the ToolShell critical vulnerability, being exploited on a truly massive and ongoing scale, enables hackers to gain access to, and control of, on-premises SharePoint servers without authentication. As SharePoint is often connected to core services such as Microsoft Outlook, Teams, and OneDrive, the attacks can lead directly to password harvesting and data theft.

Microsoft verified the critical exploit and ongoing attacks in a July 20 posting, and has now updated this to confirm that an emergency security patch has been made available. 'Customers should apply these updates immediately to ensure they're protected,' Microsoft said.
Unfortunately, just applying the security update is unlikely to 'fully evict' the threat itself, as the Eye Research team warned that the theft of cryptographic keys means that the hackers can continue to impersonate users and services 'even after the server is patched.' Microsoft has now confirmed that following deployment of the emergency security update, 'it is critical that customers rotate SharePoint server machine keys and restart IIS on all SharePoint servers'

Global Cyberattack Targets Microsoft SharePoint Servers — U.S. Government Agencies Breached

Cedar News

20-07-2025


A zero-day cyberattack exploiting a critical flaw in Microsoft SharePoint Server has compromised U.S. federal and state agencies, universities, energy firms, and entities worldwide, according to security officials and researchers.

🔒 Microsoft SharePoint server hack, Key Details:

  • The attack affects on-premises SharePoint servers, not cloud-based Microsoft 365.
  • Microsoft has not yet issued a patch, prompting urgent mitigation efforts.
  • Victims include government bodies in the U.S. and Europe, universities in Brazil, and an Asian telecom company.
  • Hackers are believed to have stolen cryptographic keys, allowing potential future re-entry even after patches are applied.
  • No confirmed attribution yet, but global targets include China and U.S. state legislatures.

💬 'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers of CrowdStrike.

🔐 The U.S., Canada, and Australia are investigating the breach, while cybersecurity firms report over 50 confirmed compromises.
