Microsoft has published emergency security patches to protect users from zero-day vulnerabilities affecting its SharePoint work management software, the company said on its website. The vulnerabilities, which have led to spoofing attacks that steal sensitive data and passwords, have impacted governments, businesses and universities worldwide.
“Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” a company blog post published on Sunday read.
The vulnerabilities affect SharePoint software that operates on-premises and not the SharePoint 365 version that runs on the cloud, Microsoft said. The patches Microsoft has released, which are cumulative, are geared toward the “SharePoint Server Subscription Edition,” “SharePoint Server 2019” and “SharePoint Server 2016.”
The vulnerabilities — labeled CVE-2025-53770 and CVE-2025-53771 — were exposed in a Saturday blog post by Netherlands-based Eye Security.
The company called the vulnerabilities a “large-scale exploitation of a new SharePoint remote code execution” and wrote that, based on its analysis, there were four waves of attacks by Saturday with dozens of systems actively compromised.
According to the Cybersecurity and Infrastructure Security Agency (CISA), ToolShell, the chain used in the attacks, can be used by malicious actors to access SharePoint content, including file systems and internal configurations, while also allowing them to execute code over the network.
Related: Microsoft warns of new remote access trojan targeting crypto wallets
Microsoft SharePoint statistics and other MS vulnerabilities
According to Microsoft’s SharePoint product page, over 200,000 organizations and 190 million people use the software for content management, team sites, and intranets. However, those statistics may include users of the cloud-based version of SharePoint, versus the on-premises version that has been affected by the vulnerability.
The company has taken heat for its security lapses in the past. These issues include a Windows 10 vulnerability introduced by a security update, a similar turn of events to the issues affecting some SharePoint users.
In 2024, Microsoft faced scrutiny from the United States Congress for a series of security vulnerabilities that put some federal officials’ email accounts at risk.
Magazine: Real AI use cases in crypto, No. 3: Smart contract audits & cybersecurity
