Serious Security Problems With Microsoft’s SharePoint Servers

Microsoft has disclosed a critical security problem with its SharePoint servers, which has been weaponised as part of a large-scale exploitation campaign. Chinese hackers have penetrated Microsoft's SharePoint document software servers and targeted the data of the businesses using it.

China's state-backed Linen Typhoon and Violet Typhoon hacking groups, as well as the China-based Storm-2603, are reported to have exploited vulnerabilities in on-premises SharePoint servers, the kind used by many corporate users, but not in its cloud-based service.

Right now, more than 85 SharePoint servers globally have been identified as compromised with a malicious web shell. These hacked servers belong to 29 organisations, including multinational firms and government entities.

In confirmation, researchers at Check Point have observed exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software sectors in North America and Western Europe.

Microsoft says it is aware that an exploit for CVE-2025-53770 exists. It has begun working on the problem and is preparing and fully testing a comprehensive update to address this vulnerability.

The zero-day flaw, identified as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that Microsoft worked on as part of its July 2025 Patch Tuesday updates.

Microsoft have credited Viettel Security for discovering and reporting the flaw through Trend Micro's Zero Day Initiative (ZDI).

With no official patch currently available, Microsoft is urging customers to configure Antimalware Scan Interface (AMSI) integration in SharePoint and deploy Defender AV on all SharePoint servers. It should be noted that AMSI integration is enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the Version 23H2 feature update for SharePoint Server Subscription Edition.

For those who cannot enable AMSI, it is advised that the SharePoint Server be disconnected from the Internet until a security update is available. Users are recommended to use Defender for Endpoint to detect and block potential hacking activity.
