Microsoft has published emergency safety fixes to protect users from zero-day vulnerabilities affecting its SharePoint work management software, the company said on its website. Vulnerabilities, which have led to identity theft that steal sensitive data and passwords, have had an impact on governments, businesses and universities around the world.
“Microsoft is aware of active attacks targeting customers on SharePoint Server site by exploiting vulnerabilities partially addressed by the update of July security”, a blog article published on Sunday.
Vulnerabilities affect SharePoint software that works on site and not the SharePoint 365 version that runs on the cloud, said Microsoft. The fixes that Microsoft has published, which are cumulative, are oriented towards “SharePoint Server Edition subscription”, “SharePoint Server 2019” and “SharePoint Server 2016”.
Vulnerabilities-labeled CVE-2025-53770 and CVE-2025-53771-were exhibited in a blog article on Saturday by the Netherlands Eye-based.
The company described the vulnerabilities of “large -scale exploitation of a new SharePoint remote code execution” and wrote that, on the basis of its analysis, there were four waves of attacks on Saturday with dozens of actively compromised systems.
According to the cybersecurity and infrastructure Security Agency (CISA), the tool, the chain used in attacks, can be used by malicious actors to access SharePoint content, including file systems and internal configurations, while allowing them to execute code on the network.
In relation: Microsoft warns against the new Trojan horse from a distance targeting cryptographic wallets
Microsoft SharePoint Statistics and other MS vulnerabilities
According to the SharePoint product page of Microsoft, more than 200,000 organizations and 190 million people use the software for content management, team sites and intranets. However, these statistics may include users of the SharePoint cloud version, compared to the on -site version which has been affected by vulnerability.
https://www.youtube.com/watch?v=kynq5yofkwo
The company has gained heat for its safety shortcomings in the past. These problems include a Windows 10 vulnerability introduced by a security update, a similar turn of events to problems affecting certain SharePoint users.
In 2024, Microsoft was exposed to a meticulous examination of the American Congress for a series of security vulnerabilities which endanger the messaging accounts of certain federal officials.
Review: Real cases of use of AI in crypto, n ° 3: intelligent contract audits and cybersecurity
