On 19th July, Microsoft officially informed its users about active attacks targeting SharePoint servers used within organizations. These attacks have put many on-premises servers used by global businesses and agencies at risk.
Microsoft SharePoint Servers face a cyberattack
In May, at the Pwn2Own hacking contest, a zero-day vulnerability chain called ToolShell was exploited by researchers, which enabled them to achieve remote code execution in Microsoft SharePoint. These flaws were fixed as part of the July patch updates, but threat actors were able to discover two zero-day vulnerabilities(CVE-2025-53770 and CVE-2025-53771) that bypassed Microsoft’s patches for the previous flaws.
Reportedly, using these flaws, the threat actors have been conducting ToolShell attacks on SharePoint servers worldwide, impacting over 54 organizations so far. Hackers can use the zero-day exploit to steal sensitive data, harvest passwords and move across the breached network services that are often connected to SharePoint, including Outlook, Teams and OneDrive.
Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. These vulnerabilities apply to on-premises SharePoint Servers only. Customers should apply…
— Security Response (@msftsecresponse) July 21, 2025
Well, Microsoft has now released emergency security updates to SharePoint 2019 and SharePoint Subscription Edition servers to fully protect its customers. Customers should apply these updates immediately to ensure they are protected. The company is also working on security updates for SharePoint 2016.
Stay tuned with The Tech Outlook for more latest tech updates.
