Explorer

Microsoft Issues Emergency Fix After Hackers Target SharePoint Servers In Active Attacks

The US Federal Bureau of Investigation (FBI) also said it is aware of the attacks and is working closely with its federal and private-sector partners.

Tech giant Microsoft has issued urgent security patch after observing "active attacks" on server software used by government agencies and businesses to share documents within organisations.

According to Microsoft, the vulnerabilities apply only to SharePoint servers used within organisations. SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks, the organisation informed.

“Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update,” said the tech giant in ints security advisory.

The company recommended security updates that customers should apply immediately.

The US Federal Bureau of Investigation (FBI) also said it is aware of the attacks and is working closely with its federal and private-sector partners.

Also Read : Benchmarks Sensex, Nifty Open Trading Session Nearly Flat As Trade Uncertainty Weighs Heavy On Markets

The vulnerability is related to a case of remote code execution that arises due to the deserialization of untrusted data in on-premise versions of Microsoft SharePoint Server.

Microsoft said the current published content is correct and that the previous inconsistency does not impact the company's guidance for customers.

"After applying the latest security updates above or enabling AMSI, it is critical that customers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers," Microsoft said.

If you cannot enable AMSI, you will need to rotate your keys after you install the new security update, its added.

The US Cybersecurity and Infrastructure Security Agency (CISA) has added ‘CVE-2025-53770’ vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 21, 2025.

Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. Customers should apply these updates immediately to ensure they’re protected, said the company in its security update.

(This report has been published as part of the auto-generated syndicate wire feed. Apart from the headline, no editing has been done in the copy by ABP Live.)

Top Headlines

OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
Too Much AI Slop On LinkedIn? Users Are Turning To Messy, Human Posts For Better Reach
Too Much AI Slop On LinkedIn? Users Are Turning To Messy, Human Posts
Musk Vs Altman Reloaded: Apple Lawsuit Triggers Fresh AI Billionaire Brawl On X
Musk Vs Altman Reloaded: Apple Lawsuit Triggers Fresh AI Billionaire Brawl
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns: Report
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns

Videos

War Update: US Announces Naval Blockade Around Iranian Ports and Oil Terminals
Breaking News: Iran Strikes US Bases in Gulf as America-Iran Conflict Escalates Again
Weather Alert: Heavy Rain Triggers Floods and Landslides Across Arunachal Pradesh
Breaking News: Protests in Pakistan-Administered Kashmir Enter 36th Day
Weather Alert: Heavy Rains Trigger Floods and Landslides Across Northeast India

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget