Ethical Hacking News
Microsoft has warned its customers of a zero-day flaw in its on-premises SharePoint Server product, which has already been exploited by attackers. The vulnerability allows an unauthorized attacker to execute code over a network and highlights the need for greater vigilance among users in protecting their systems from potential attacks.
Microsoft has issued a warning to its on-premises SharePoint Server customers about a newly discovered zero-day flaw. The vulnerability, CVE-2025-53770, is rated 9.8/10 and allows unauthorized attackers to execute code over a network. Patches have been issued for versions 2016, 2019, and SharePoint Server Subscription Edition, but not for all affected customers. Microsoft advises users to enable Windows Antimalware Scan Interface (AMSI) and configure an antivirus tool correctly. The company has acknowledged its own security protocols' limitations and the need for greater vigilance among users.
Microsoft has issued a warning to its on-premises SharePoint Server customers regarding a newly discovered zero-day flaw, which has already been exploited by attackers. The vulnerability, identified as CVE-2025-53770, is rated 9.8/10 on the CVSS scale and allows an unauthorized attacker to execute code over a network through deserialization of untrusted data in on-premises Microsoft SharePoint Server.
The attack targets three versions of SharePoint Enterprise Server: 2016, 2019, and SharePoint Server Subscription Edition. However, patches have been issued only for the latter two versions. Microsoft has also acknowledged that its July Security Update did not provide adequate protection against this specific vulnerability.
In light of these developments, Microsoft advises users to take immediate action to protect their systems from potential attacks. This includes ensuring that the Windows Antimalware Scan Interface (AMSI) is enabled and configured correctly, alongside an appropriate antivirus tool. Additionally, administrators are advised to watch for suspicious IIS worker processes and rotate SharePoint Server ASP.NET machine keys.
Furthermore, Microsoft has acknowledged that it failed to fully address past vulnerabilities in its security updates, leading to a situation where its own products are now being attacked. This raises concerns about the effectiveness of Microsoft's security protocols and the need for greater vigilance among users.
In related news, the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding CVE-2025-53770, advising users to conduct scanning for specific IP addresses and monitor for POSTs to a particular URL. The Electronic Frontier Foundation (EFF) has also expressed concerns about Ring's revised policy allowing law enforcement agencies to access its devices, which it deems a "bad, bad step" for the company and the broader public.
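CISA's advice above (scan for specific IP addresses, monitor for POSTs to a particular URL) can be applied to IIS W3C logs as in the following added example, which is not code from Microsoft, CISA, or this article. The article names neither the URL nor the addresses, so `WATCH_PATH` and `WATCH_IPS` are placeholders to be filled from the advisories, and the log lines are constructed.

```python
# Placeholders: the article gives neither the URL nor the IP addresses.
WATCH_PATH = "/_layouts/PLACEHOLDER.aspx"     # hypothetical path, replace from advisory
WATCH_IPS = {"192.0.2.10", "203.0.113.77"}    # documentation-range addresses, not real IoCs

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-20 10:01:02 10.0.0.5 GET /_layouts/15/start.aspx - 443 - 198.51.100.4 Mozilla/5.0 - 200 0 0 31
2025-07-20 10:02:10 10.0.0.5 POST /_layouts/Placeholder.ASPX a=1 443 - 198.51.100.9 curl/8.0 - 200 0 0 120
2025-07-20 10:02:11 10.0.0.5 GET /_layouts/PLACEHOLDER.aspx - 443 - 198.51.100.9 curl/8.0 - 200 0 0 15
2025-07-20 10:03:40 10.0.0.5 GET /default.aspx - 443 - 203.0.113.77 Mozilla/5.0 - 401 0 0 8
"""

def scan_iis_log(lines, watch_path=WATCH_PATH, watch_ips=WATCH_IPS):
    """Return (line_no, reasons, record) for each entry matching a watch rule."""
    fields, hits = [], []
    path = watch_path.lower()
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]         # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue                          # directive, blank, or no layout seen yet
        values = line.split(" ")
        if len(values) != len(fields):
            continue                          # truncated or malformed entry
        rec = dict(zip(fields, values))
        reasons = []
        # IIS treats URL paths case-insensitively, so compare lower-cased.
        if rec.get("cs-method") == "POST" and rec.get("cs-uri-stem", "").lower() == path:
            reasons.append("post-to-watched-url")
        if rec.get("c-ip") in watch_ips:
            reasons.append("watched-source-ip")
        if reasons:
            hits.append((no, reasons, rec))
    return hits

if __name__ == "__main__":
    for no, reasons, rec in scan_iis_log(SAMPLE_LOG.splitlines()):
        print(no, ",".join(reasons), rec["c-ip"], rec["cs-method"],
              rec["cs-uri-stem"], rec["sc-status"])
```

A hit is a lead for triage rather than proof of compromise; the `sc-status` and `time-taken` fields in each returned record help decide which entries to examine first.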
Meanwhile, China has upgraded its smartphone surveillance tools, installing malware capable of tracking GPS location data, SMS messages, images, audio, contacts, and phone services on handsets owned by visitors to the country. This development has raised concerns among security experts about the potential risks this poses to enterprise organizations with executives and employees who travel abroad.
In other news, Microsoft will no longer use Chinese engineers to work on US Department of Defense computer systems, following an investigation prompted by a report that exposed concerns about Beijing-linked staff accessing US systems.
Published: Mon Jul 21 17:43:24 2025 by llama3.2 3B Q4_K_M