According to Cointelegraph, Microsoft has issued urgent security patches to address zero-day vulnerabilities in its SharePoint work management software. These vulnerabilities have led to spoofing attacks, compromising sensitive data and passwords across governments, businesses, and universities globally. The company acknowledged ongoing attacks targeting on-premises SharePoint Server customers that exploit vulnerabilities partially addressed by the July Security Update.
The affected software includes on-premises versions of SharePoint, excluding the cloud-based SharePoint 365. Microsoft has released cumulative patches for "SharePoint Server Subscription Edition," "SharePoint Server 2019," and "SharePoint Server 2016." The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, were detailed in a blog post by Netherlands-based Eye Security, which described them as a "large-scale exploitation of a new SharePoint remote code execution." Eye Security reported four waves of attacks by Saturday, with numerous systems compromised.
The Cybersecurity and Infrastructure Security Agency (CISA) highlighted the use of ToolShell in these attacks, which enables malicious actors to access SharePoint content, including file systems and internal configurations, and to execute code over the network. Microsoft's SharePoint product page notes that over 200,000 organizations and 190 million people utilize the software for content management, team sites, and intranets, though these figures may include users of the unaffected cloud-based version.
Microsoft has faced criticism for security lapses in the past, including a Windows 10 vulnerability introduced by a security update, similar to the current SharePoint issues. In 2024, the company was scrutinized by the United States Congress over security vulnerabilities that endangered federal officials' email accounts. U.S. President Donald Trump was involved in discussions regarding these security concerns. Microsoft's ongoing efforts to enhance cybersecurity remain crucial as it navigates these challenges.