Serious Security Problems With Microsoft’s SharePoint Servers

Uploaded on 2025-07-23 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Microsoft have disclosed a critical security problem has with its SharePoint servers, which has been weaponised as part of a large-scale exploitation campaign. Chinese hackers have penetrated Microsoft's SharePoint document software servers and targeted the data of the businesses using it. 

China's state-backed Linen Typhoon and Violet Typhoon hacking groups, as well as Chinese-based Storm-2603, are reported to have exploited vulnerabilities in on-premises SharePoint servers, the kind used by many corporate users, but not in its cloud-based service.

Right now, more than 85 SharePoint servers globally have been identified as compromised with the malicious web shell and these hacked servers belong to 29 organisations, including multinational firms and government entities.

In confirmation, researchers at Check Point have observed exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software sectors in North America and Western Europe.

Microsoft says it is aware that an exploit for CVE-2025-53770 exists and it has begun working on the problem and is preparing and fully testing a comprehensive update to address this vulnerability. 

The zero-day flaw identified as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was worked on by Microsoft as part of its July 2025 Patch Tuesday updates. 

Microsoft have credited Viettel Security for discovering and reporting the flaw through Trend Micro's Zero Day Initiative (ZDI).

Currently without an official patch, Microsoft is urging customers to configure Antimalware Scan Interface (AMSI)  integration in SharePoint and deploy Defender AV on all SharePoint servers. It should be noted that AMSI integration is enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition. 

For those who cannot enable AMSI, it's advised that the SharePoint Server is disconnected from the Internet until a security update is available.  Users are recommended to Use Defender for Endpoint to detect and block potential hacking activity. 

Microsoft  |   Microsoft  |  Microsoft  |  Microsoft  | BBC  |   Hacker News  |   Dark Reading  |  Reddit  |  TechTarget

Image: Ideogram

You Might Also Read: 

MS Windows Zero Day Vulnerability Widely Exploited:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 




 

« Fancy Bears Get Busy

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Paladion

Paladion

Paladion is a provider of managed IT security services.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

Subex

Subex

Subex leverages its award-winning telecom analytics solutions in areas such as Revenue Assurance, Fraud Management, Asset Assurance and Partner Management, and IoT Security.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

IEEE Cyber Science and Technology Congress (CyberSciTech)

IEEE Cyber Science and Technology Congress (CyberSciTech)

CyberSciTech provides a platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

ITTAS

ITTAS

ITTAS is a multidisciplinary company specializing in information security and software and hardware protection software.

Bloc Ventures

Bloc Ventures

Bloc Ventures is an investment company providing long-term, ‘patient’ equity capital to early stage unquoted deep technology companies.

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

Flotek

Flotek

Flotek is an IT & Comms service provider delivering SMEs with trusted, innovative and cost effective cloud technology, with confidence, clarity and clout.

Maltego Technologies

Maltego Technologies

Maltego is a comprehensive tool for graphical link analyses that offers real-time data mining and information gathering. Applications include cybersecurity threat intelligence and incident response.

Pvotal Technologies

Pvotal Technologies

Pvotal Technologies engineer complex, automated processes aligned with best AIOps, BizDevOps, DevSecOps, CloudOps, and ITOps practices.

AZCOMP Technologies

AZCOMP Technologies

AZCOMP provide professional network security consulting services as well as network security auditing and assessments.