Tech News
← Back to articles

Microsoft fixes two SharePoint zero-days under attack, but one is still unresolved - how to patch

2025-10-31 | original
read original related products more articles

Olemedia / Getty Images

Microsoft has patched two critical zero-day SharePoint security flaws that have already been exploited by hackers to attack vulnerable organizations. Responding to the exploits, the software giant has issued fixes for SharePoint Server Subscription Edition and SharePoint Server 2019, but is still working on a patch for SharePoint Server 2016.

Designated as CVE-2025-53771 and CVE-2025-53770, the two vulnerabilities apply only to on-premises versions of SharePoint, so organizations that run the cloud-based SharePoint Online are unaffected.

Also: I replaced my Microsoft account password with a passkey - and you should, too

Rated as important, CVE-2025-53771 is defined as a SharePoint Server spoofing vulnerability, which means that attackers are able to impersonate trusted and legitimate users or resources in a SharePoint environment. Rated as critical, CVE-2025-53770 is defined as a SharePoint Server remote code execution vulnerability. With this type of flaw, hackers can remotely run code in a SharePoint environment.

"CVE-2025-53770 gives a threat actor the ability to remotely execute code, bypassing identity protections (like single sign-on and multi-factor authentication), giving access to content on the SharePoint server including configurations and system files, opening up lateral access across the Windows domain," Trey Ford, chief information security officer at crowdsourced cybersecurity provider Bugcrowd, told ZDNET.

Together, the two flaws give cybercriminals the ability to install malicious programs that can compromise a SharePoint environment. And that's just what's been happening.

Already, hackers have launched attacks against US federal and state agencies, universities, energy companies, and others, state officials and private researchers told The Washington Post. SharePoint servers have been breached within at least two US federal agencies, according to the researchers. One US state official said the attackers had "hijacked" a collection of documents designed to help people understand how their government works, the Post added.

Just who are the hackers behind the attacks?

On Tuesday, Microsoft pointed the finger at three Chinese nation-state actors, accusing Linen Typhoon, Violet Typhoon, and Storm‑2603 of exploiting the SharePoint flaws.

... continue reading

Related:
Get Permanent Access to Windows 11 Pro Plus Microsoft Office 2021 for $50
Manufacturer Bricks Smart Vacuum After Engineer Blocks It From Collecting Data
Windows security update triggers BitLocker recovery in some systems — bug mostly impacts Intel PCs with Modern Standby support
AI Slop vs. OSS Security
Continuous Purple Teaming: Turning Red-Blue Rivalry into Real Defense

© 2025 GoKawiil