Latest news with #SharePointSubscriptionEdition
News18
24-07-2025
- Business
- News18
Indian Govt Warns Businesses Over Microsoft Sharepoint Server Security Risk
Last Updated: Microsoft has warned businesses about the security issue and now the Indian government has raised its own alert. The Indian government has issued its own security warning over the recent Microsoft SharePoint server risk that was officially alerted by the company earlier this week. The new bulletin via The Indian Computer Emergency Response Team on CERT-In this week says businesses using the Microsoft enterprise server platform could be hacked using the series of vulnerabilities that Microsoft has discovered. This platform enables organisations to share documents within their network, and leaving them vulnerable could pose major risk for the company and government agencies. The new CERT-In bulletin regarding the SharePoint server issue, dated July 22 comes with critical rating. The alert says, 'Multiple vulnerabilities have been reported in Microsoft SharePoint Server, which could be exploited by a remote attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system." The security issue is primarily linked to the on-ground servers set up by companies and the cloud-based version is not vulnerable to these issues. However, the security agency says, 'all end-user organisations and individuals using affected Microsoft SharePoint Server installations," can become the target for hacking attempts. Microsoft's own report says the vulnerability impacts major versions of the SharePoint Server 2010 and 2013 editions. 'Customers using SharePoint Subscription Edition should apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability," post adds. Microsoft is advising its customers to upgrade to the SharePoint Server 2016, 2019, & SharePoint Subscription Edition that will completely protect them from the latest attacks. The platform is not of use to general users but businesses will have no option but to act on the company's guidance to protect their data from being hacked. view comments First Published: July 24, 2025, 07:30 IST Disclaimer: Comments reflect users' views, not News18's. Please keep discussions respectful and constructive. Abusive, defamatory, or illegal comments will be removed. News18 may disable any comment at its discretion. By posting, you agree to our Terms of Use and Privacy Policy.
News18
22-07-2025
- Business
- News18
Microsoft Warns Businesses About Major Security Threat: What The Company Has Said
Last Updated: Microsoft has warned businesses about a major security risk that can allow systems to be attacked to steal data. Microsoft has issued a major security warning for its business customers about attacks that can directly affect their server systems. The threat is linked to the SharePoint servers running via Microsoft across its enterprise customers. This platform enables organisations to share documents within their network, and leaving them vulnerable could pose major risk for the company and government agencies. The alert from Microsoft was shared on July 19, 2025 and there is a detailed summary of the issue and how to fix the gaps caused by the attack threats. The company's threat post says, 'Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." It seems the security risk is limited to the SharePoint customers at the server end, and those using the cloud version are secure from any possible mishaps. Reports have indicated that Microsoft is worried about the active nature of these attacks that were termed zero-day earlier this week, which means they were unaware about the possible impact of these vulnerabilities and who might be already affected by the issues. Microsoft's own report says the vulnerability impacts major versions of the SharePoint Server 2010 and 2013 editions. 'Customers using SharePoint Subscription Edition should apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability," post adds. Urgent Need To Upgrade The most important aspect covered because of these attacks is for companies to immediately invest in upgrading their systems. Microsoft is advising its customers to upgrade to the SharePoint Server 2016, 2019, & SharePoint Subscription Edition that will completely protect them from the latest attacks. The company has a wide range of its business catering to the affected segment, and not using the cloud-based services tells you the situation on ground that Microsoft needs to overhaul before a major catastrophe like the Crowdstrike outage affects its large business model. view comments First Published: July 22, 2025, 07:30 IST Disclaimer: Comments reflect users' views, not News18's. Please keep discussions respectful and constructive. Abusive, defamatory, or illegal comments will be removed. News18 may disable any comment at its discretion. By posting, you agree to our Terms of Use and Privacy Policy.
USA Today
21-07-2025
- Business
- USA Today
Microsoft SharePoint attack: Officials issue warning about 'active exploitation'
Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access to certain SharePoint systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted an alert on its website Sunday, July 20, saying it was aware of "active exploitation" of a security vulnerability that was allowing unauthorized access to on-site SharePoint servers. The "scope and impact" of the issue was still being assessed, CISA said in the notice posted July 20, but officials said the vulnerability "poses a risk" to organizations that house their own SharePoint servers. Microsoft, in an alert posted Saturday, July 19, said the vulnerability enables an 'authorized attacker to perform spoofing over a network,' a type of cyberattack in which an attacker attempts to trick a user or system into believing they are a trusted or known source. "The FBI is aware of the matter, and we are working closely with our federal government and private sector partners," a Microsoft spokesperson told USA TODAY Monday. SharePoint is used by government agencies and businesses in the U.S. and around the world, as reported by Reuters and the Washington Post, which first reported the attacks. It was not immediately known who was behind the attack, but a cybersecurity researcher told Reuters on Monday, July 21, it is likely the work of a single actor. "Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm, told the outlet. "However, it's possible that this will quickly change." Markets news: US stocks open higher as investors eye more earnings and tariff news Microsoft SharePoint vulnerability In its alert about the ongoing attacks on SharePoint servers, Microsoft urged customers to install new security updates. The company said SharePoint Online in Microsoft 365, stored in the cloud, was not hit by the exploit. The attack is dubbed by experts as "zero day," because, officials said, it was a shock to cybersecurity researchers. Microsoft's stock price was mostly flat on Monday morning, July 21. 'Customers should apply these updates' Microsoft reported it issued recommendations to stop attackers from exploiting it. "Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771," the post reads. 'Customers should apply these updates immediately to ensure they're protected." To access Microsoft's link to the updates click here. USA TODAY has reached out to Microsoft for more information. Contributing: Reuters Natalie Neysa Alund is a senior reporter for USA TODAY. Reach her at nalund@ and follow her on X @nataliealund.
UPI
21-07-2025
- UPI
Hackers use Microsoft security flaw to commit global assault
July 21 (UPI) -- An investigation is underway after hackers used a security flaw in Microsoft software to internationally infiltrate agencies and businesses over the weekend. The United States, Canada and Australia have partnered in an effort to probe how the unidentified hackers used a security weak spot in Microsoft's SharePoint collaboration software to gain access to several American federal and state agencies, as well as energy companies, universities and an Asian telecommunications company. Microsoft announced Saturday that it "is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." Researchers at the Eye Security cybersecurity company first identified the weak point on Friday, explained as a "new SharePoint remote code execution vulnerability chain in the wild," it allows hackers to access the exploited SharePoint versions and steal keys that can let them impersonate users even after an affected server is patched or rebooted. As a result, hackers can use the liability to steal passwords and sensitive data and then travel the breached network through services that connect to SharePoint, such as Outlook, Teams and OneDrive. The SharePoint servers allow for documents to be shared and managed, and Microsoft has since released patches to defend SharePoint 2019 and SharePoint Subscription Edition servers, but a patch for SharePoint 2016 is still forthcoming. The attack, referred to a "zero-day" incident because it used a previously unknown vulnerability, only impacts servers housed within on-premises organizations, but not cloud operations like Microsoft 365. According to the press release from Microsoft, customers using the SharePoint Subscription Edition should "apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability." As for those who use SharePoint 2016 or 2019, the current guidance is to "use or upgrade to supported versions of on-premises Microsoft SharePoint Server," which are SharePoint Server 2016, 2019 and SharePoint Subscription Edition, and then apply the latest security updates.
Time of India
21-07-2025
- Business
- Time of India
Microsoft alerts businesses, governments to server software attack
Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organisations, and it recommended security updates that customers should apply immediately. The FBI on Sunday said it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details. In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks. The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses. The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk. Microsoft did not immediately respond to a request for comment. In the alert, Microsoft said that a vulnerability "allows an authorized attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it. In a spoofing attack , an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website. Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition , which it said customers should apply immediately. It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.
