Microsoft Issues Critical Patch for SharePoint RCE Vulnerability Targeted in Ongoing Cyber Attacks

July 21, 2025
Server Security / Vulnerability

On Sunday, Microsoft released vital security updates to address an actively exploited vulnerability in SharePoint and provided details on another flaw that now has “more robust protections.” The company acknowledged it is “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.” The exploited vulnerability, tracked as CVE-2025-53770 (CVSS score: 9.8), involves remote code execution due to the deserialization of untrusted data in on-premises versions of Microsoft SharePoint Server. The newly identified issue is a spoofing vulnerability (CVE-2025-53771, CVSS score: 7.1), discovered and reported by Viettel Cyber Security and an anonymous researcher. The flaw is linked to inadequate restrictions on pathnames, leading to potential path traversal in Microsoft Office SharePoint…

Microsoft Issues Urgent Security Patch for Critical SharePoint Vulnerability Amid Ongoing Cyber Attacks

On July 21, 2025, Microsoft released critical security updates aimed at addressing a serious vulnerability in SharePoint that is currently being exploited in ongoing cyber attacks targeting on-premises customers. The company revealed that it is aware of these active threats, stating that attackers are utilizing vulnerabilities only partially mitigated by the July Security Update. This vulnerability, tracked as CVE-2025-53770, has been assigned a high CVSS score of 9.8, indicating its severity and potential impact. It pertains to a remote code execution flaw linked to the deserialization of untrusted data in on-premises Microsoft SharePoint Server versions.

In addition to this urgent patch, Microsoft disclosed details about another vulnerability, CVE-2025-53771, which is categorized as a spoofing flaw with a CVSS score of 7.1. This particular shortcoming was uncovered through the collaborative efforts of Viettel Cyber Security alongside an anonymous researcher. The reported issue involves an improper limitation of a pathname, commonly referred to as ‘path traversal,’ which could enable malicious actors to gain unauthorized access to restricted directories within Microsoft Office SharePoint.

The primary targets of this ongoing campaign are organizations that rely on on-premises installations of Microsoft SharePoint Server, highlighting a critical exposure for enterprises that manage their own server environments. This incident raises significant cybersecurity concerns, especially given the increasing sophistication of cyber adversaries navigating through existing vulnerabilities.

The global landscape of cyber threats continues to evolve, with attackers employing a variety of tactics that align with the MITRE ATT&CK framework. In this case, the initial access likely employed techniques such as exploiting known vulnerabilities to penetrate system defenses. Once inside, adversaries may employ tactics for persistence and privilege escalation, enabling them to maintain access and control over compromised systems.

Business owners should take this information seriously as the implications of unpatched vulnerabilities can lead to significant security breaches, potentially compromising sensitive data. Regularly updating software and following best practices for cybersecurity are essential steps in mitigating risks related to such vulnerabilities.

As Microsoft continues to monitor the situation and implement robust protections, businesses utilizing SharePoint should act swiftly to apply these updates and bolster their security measures. Furthermore, staying informed of available patches and understanding the potential tactics employed by adversaries can greatly enhance an organization’s defense against cyber threats.

Source link

Related Posts

Security Vulnerability: Hard-Coded Credentials in HPE Instant On Devices Enable Unauthorized Admin Access

Date: July 21, 2025
Category: Network Security / Vulnerability

Hewlett-Packard Enterprise (HPE) has issued critical security updates to rectify a significant vulnerability in Instant On Access Points. This flaw, identified as CVE-2025-37103, has a CVSS rating of 9.8 out of 10 and allows attackers to bypass authentication, potentially granting them administrative access to affected systems. According to the advisory, “Hard-coded login credentials were discovered in HPE Networking Instant On Access Points, enabling anyone aware of these credentials to circumvent standard device authentication.” Additionally, HPE has addressed another security issue involving authenticated command injection in the command-line interface (CVE-2025-37102, CVSS score: 7.2), which could allow remote attackers to execute arbitrary commands on the operating system with elevated privileges.

⚡ Weekly Summary: Critical SharePoint Zero-Day, Chrome Vulnerability, macOS Spyware, NVIDIA Toolkit RCE, and More

Published: July 21, 2025
Category: Enterprise Security / Zero Day

Even the most secure environments are at risk as attackers bypass elaborate defenses—not with elaborate exploits, but by leveraging weak configurations, outdated encryption, and unprotected trusted tools. These stealthy attacks evade detection by blending into normal operations, exploiting gaps in monitoring and assumptions of safety. What once appeared suspicious now seems routine, thanks to modular techniques and automation that mimic legitimate behavior.

The critical issue? Our control is not only being tested; it’s being silently compromised. This week’s updates shed light on how default configurations, blurred trust boundaries, and exposed infrastructures are transforming standard systems into vulnerabilities.

⚡ Threat of the Week: Critical SharePoint Zero-Day Under Active Exploitation (Patch Issued Today)

Microsoft has rolled out patches for two security vulnerabilities in SharePoint Server that have been actively exploited, impacting numerous organizations globally. Details on the exploitation surfaced…

Hackers Exploiting SharePoint Zero-Day Since July 7 to Steal Keys and Ensure Ongoing Access

July 22, 2025
Vulnerability / Threat Intelligence

A recently revealed critical vulnerability in Microsoft SharePoint has been actively exploited since July 7, 2025, according to Check Point Research. The cybersecurity firm detected initial attacks targeting a major unnamed Western government, with activities escalating on July 18 and 19 across government, telecommunications, and software sectors in North America and Western Europe. Check Point identified the exploitation efforts originating from three separate IP addresses—104.238.159[.]149, 107.191.58[.]76, and 96.9.125[.]147—one of which was previously associated with the exploitation of vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) appliances (CVE-2025-4427 and CVE-2025-4428). “We are witnessing an urgent and active threat: a critical zero-day vulnerability in SharePoint on-premises is being exploited globally, endangering thousands of organizations,” stated Lotem Finkelstein, Director of Threat Intelligence at Check Point.

Cisco Confirms Active Exploits Targeting Vulnerabilities in ISE, Leading to Unauthenticated Root Access

On July 22, 2025, Cisco updated its advisory regarding several recently disclosed security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), confirming that they are being actively exploited. Cisco’s Product Security Incident Response Team (PSIRT) reported awareness of attempts to exploit these vulnerabilities in real-world scenarios. However, the company did not specify which vulnerabilities are being targeted, the identity of the attacking entities, or the scale of these activities. Cisco ISE is crucial for network access control, determining which users and devices can access corporate networks and under what conditions. A breach at this level could allow attackers unrestricted access to internal systems, effectively bypassing authentication and logging controls and transforming a key policy engine into an unguarded entry point. The alert emphasizes that the identified vulnerabilities are classified as critical.