
Microsoft SharePoint Zero-Day Breach Impacts 75 Servers: Urgent Patches and Security Warnings Issued

Prime Highlights

  • A critical zero-day vulnerability in Microsoft SharePoint has been exploited, impacting at least 75 on-premises servers worldwide.
  • Microsoft has released critical patches and, together with the FBI and CISA, published security best practices to mitigate the risk.

Key Facts

  • The flaw allows remote code execution, which can in turn give attackers persistent access through the theft of cryptographic keys.
  • Only on-premises SharePoint servers are vulnerable; SharePoint Online is not affected.

Key Background

A critical zero-day vulnerability, CVE-2025-53770, has been uncovered in Microsoft SharePoint Server 2016, 2019, and Subscription Edition. The flaw, first discovered on July 18, 2025, enables unauthenticated remote code execution through unsafe deserialization of untrusted data. Attackers have exploited it to compromise at least 75 servers worldwide, affecting corporations, energy firms, universities, and U.S. government organizations.

According to cybersecurity experts, attackers have been exploiting the vulnerability by uploading malicious payloads to target servers. The payloads steal the server's cryptographic machine keys, which protect sensitive data, and the attackers use those keys to forge tokens that let them keep their access even after patches have been applied. This persistence mechanism is why security professionals are concerned about the long-term consequences of the bug.

Microsoft released patches for SharePoint 2019 and Subscription Edition immediately, and a patch is being developed for SharePoint 2016. Administrator-installable fixes are available and need to be applied at the earliest opportunity. For systems that cannot be patched immediately, Microsoft recommends disconnecting them from the internet, enabling advanced malware protection, and using endpoint detection software to scan for malicious activity.

Agencies such as the FBI and CISA have also issued advisories urging enterprises to rotate their encryption keys, closely examine forensic evidence, and remove any malicious web shells that may have been installed.

Businesses are also urged to closely analyze server logs for any suspicious activity that would indicate unauthorized access.
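As an added illustration of the log review the advisories call for (example code written for this page, not code from the article, Microsoft or the agencies), the following Python script applies two simple heuristics to IIS W3C log lines from a SharePoint server: it flags requests to .aspx pages under /_layouts/ that are not on an allow-list of known pages, and .aspx paths whose first request comes right after a POST from the same client, which is the trace a freshly dropped web shell leaves. The log lines, the allow-list and the file name dropped_example.aspx are constructed for the example.

```python
# Constructed IIS W3C log excerpt (not real telemetry). "dropped_example.aspx"
# is a placeholder name for a web shell, not a known indicator.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-07-19 09:58:40 GET /_layouts/15/start.aspx - 10.0.0.5 200
2025-07-19 09:59:02 POST /_layouts/15/start.aspx - 10.0.0.5 200
2025-07-19 09:59:10 GET /_layouts/15/images/siteicon.png - 10.0.0.5 200
2025-07-19 10:00:09 POST /_layouts/15/settings.aspx - 203.0.113.7 200
2025-07-19 10:00:15 GET /_layouts/15/dropped_example.aspx - 203.0.113.7 200
2025-07-19 10:01:30 GET /_layouts/15/dropped_example.aspx - 198.51.100.9 200
"""

# Constructed allow-list; a real one would be built from a clean baseline.
KNOWN_PAGES = {"/_layouts/15/start.aspx", "/_layouts/15/settings.aspx"}


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def find_webshell_candidates(text, known_pages=KNOWN_PAGES):
    """Return {(client_ip, path): set(reasons)} for suspicious .aspx requests."""
    seen_paths = set()       # every path served so far in this log window
    posted_clients = set()   # clients that have sent at least one POST
    findings = {}
    for rec in parse_w3c(text):
        path = rec["cs-uri-stem"].lower()
        client = rec["c-ip"]
        if path.endswith(".aspx") and path not in known_pages:
            reasons = set()
            if path.startswith("/_layouts/"):
                reasons.add("layouts page not in allow-list")
            # A path nobody had requested until a client that already POSTed
            # asks for it looks like a file that client just uploaded.
            if client in posted_clients and path not in seen_paths:
                reasons.add("first request to path follows a POST by same client")
            if reasons:
                findings.setdefault((client, path), set()).update(reasons)
        if rec["cs-method"] == "POST":
            posted_clients.add(client)
        seen_paths.add(path)
    return findings
```

Calling find_webshell_candidates(SAMPLE_LOG) returns the two flagged (client, path) pairs with the reasons for each; run it over an exported log and review every hit against the files actually present in the layouts directory.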

This attack highlights the growing exposure of on-premises infrastructure and shows that proactive security is essential. Microsoft is working around the clock with government agencies and security researchers to contain the attack and prevent further exploitation. Organizations running on-premises SharePoint servers need to act right away, take their systems offline where necessary, and block follow-on attacks.