

Ethical Hacking News

Microsoft's SharePoint Security Nightmare: A Zero-Day Attack on On-Premise Servers


Microsoft's SharePoint Server 2019 and Subscription Edition are under active zero-day attack. The vulnerabilities were discovered by attackers who were able to bypass Microsoft's July fix for the issue.

  • Microsoft's SharePoint Server 2019 and Subscription Edition are vulnerable to a zero-day attack.
  • The attacks exploit remote code execution and path traversal vulnerabilities (CVE-2025-53770 and CVE-2025-53771).
  • Administrators are advised to apply fixes immediately and consider disconnecting servers from the internet until updates are available.
  • AMSI integration should be enabled; administrators who cannot enable it should consider disconnecting their servers from the internet.
  • Rotating SharePoint Server ASP.NET machine keys and deploying Defender Antivirus can help prevent exploitation of the vulnerability.




    The attacks are related to a remote code execution vulnerability (CVE-2025-53770) and a path traversal vulnerability (CVE-2025-53771). If an attacker gains access to an organization's SharePoint Server, there is a high chance that they will also be able to access other data due to the interconnected nature of the service.

    Microsoft has advised administrators of on-premises SharePoint Server 2019 and Subscription Edition to apply the fixes immediately. However, Microsoft has not elaborated on why the security patches issued earlier in July only partially addressed the issues. The company stated that it was "actively working on updates."

    SharePoint Server 2016 is also affected by the vulnerability but has yet to receive its fixes.

    AMSI integration was enabled by default in the September 2023 security update for SharePoint Server 2016/2019 and the 23H2 update for SharePoint Server Subscription Edition. However, if AMSI (Antimalware Scan Interface) cannot be enabled, Microsoft's advice is blunt: "We recommend you consider disconnecting your server from the internet until a security update is available."

    In addition to applying the patches, Microsoft has also advised users to rotate SharePoint Server ASP.NET machine keys and deploy Defender Antivirus to all SharePoint Servers to stop unauthenticated attackers from exploiting this vulnerability.
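The following is an added example, not Microsoft's or this article's own script, of how an administrator might carry out the key rotation and Defender check described above once the patches are applied. It assumes an elevated SharePoint Management Shell on a farm server; including Central Administration in the rotation is a choice made here, not something the article states.

```powershell
# Added example: verify Defender locally, then rotate ASP.NET machine keys
# for every web application in the farm. Run after the security update is installed.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Defender Antivirus must be active for AMSI request scanning to be useful.
#    This only checks the local server; repeat on each SharePoint server.
$mp = Get-MpComputerStatus
if (-not ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled)) {
    Write-Warning "Defender Antivirus is not fully enabled on $env:COMPUTERNAME"
}

# 2. Generate new machine keys and deploy them farm-wide, one web application
#    at a time, recording failures instead of stopping at the first one.
$results = foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    try {
        Set-SPMachineKey    -WebApplication $wa -ErrorAction Stop | Out-Null
        Update-SPMachineKey -WebApplication $wa -ErrorAction Stop | Out-Null
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $true;  Error = $null }
    }
    catch {
        [pscustomobject]@{ WebApplication = $wa.Url; Rotated = $false; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize

# 3. The new keys take effect after IIS restarts. List the servers that need it
#    (database-only servers report the role 'Invalid' and are skipped).
$failed = @($results | Where-Object { -not $_.Rotated })
if ($failed.Count -eq 0) {
    Write-Host "Run 'iisreset.exe' on each of these servers:"
    Get-SPServer | Where-Object { $_.Role -ne 'Invalid' } | Select-Object Address, Role
}
else {
    Write-Warning "$($failed.Count) web application(s) were not rotated; fix these before restarting IIS."
}
```

Rotating keys on a server that is still unpatched and unprotected by AMSI leaves the new keys exposed to the same attack, which is why the rotation belongs after the other mitigations.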

    The attack on SharePoint highlights the ongoing struggle of organizations to keep their servers secure against zero-day attacks. The incident serves as a stark reminder that even with the latest security patches, an attacker can still find ways to exploit vulnerabilities in a server's software.

    In conclusion, Microsoft's SharePoint Server 2019 and Subscription Edition are under active zero-day attack. The company has advised administrators of affected servers to apply the fixes immediately and take additional measures to prevent exploitation of the vulnerability.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/M-Microsofts-SharePoint-Security-Nightmare-A-Zero-Day-Attack-on-On-Premise-Servers-ehn.shtml

  • Published: Mon Jul 21 05:24:33 2025 by llama3.2 3B Q4_K_M












