
Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch


Microsoft has patched two critical zero-day SharePoint security flaws that have already been exploited by hackers to attack vulnerable organizations. Responding to the exploits, the software giant has issued fixes for SharePoint Server Subscription Edition and SharePoint Server 2019 but is still working on a patch for SharePoint Server 2016.

Designated as CVE-2025-53771 and CVE-2025-53770, the two vulnerabilities apply only to on-premises versions of SharePoint, so organizations that run the cloud-based SharePoint Online are unaffected.

Rated as important, CVE-2025-53771 is defined as a SharePoint Server spoofing vulnerability, which means that attackers are able to impersonate trusted and legitimate users or resources in a SharePoint environment. Rated as critical, CVE-2025-53770 is defined as a SharePoint Server remote code execution vulnerability. With this type of flaw, hackers can remotely run code in a SharePoint environment.

Together, the two flaws give cybercriminals the ability to install malicious programs that can compromise a SharePoint environment. And that's just what's been happening.

Already, hackers have launched attacks against US federal and state agencies, universities, energy companies, and others, state officials and private researchers told The Washington Post. SharePoint servers have been breached within at least two US federal agencies, according to the researchers. One US state official said the attackers had "hijacked" a collection of documents designed to help people understand how their government works, the Post added.

Why did Microsoft allow these security flaws to get so out of hand? The company tried to fix both the server spoofing vulnerability and the remote code execution vulnerability with its July 8 Patch Tuesday updates for CVE-2025-49706, CVE-2025-49704, and CVE-2025-49701. But apparently, the fixes didn't quite do the trick, as savvy hackers were able to sneak their way around them.

Hopefully, this time the new patches will work. In an FAQ, Microsoft said about its cavalcade of CVEs, "Yes, the update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706."

Before Microsoft rolled out the new patches on Sunday, security firm Eye Security warned about the SharePoint flaws in a Saturday research post.
