Techly NewsGet the app

Get the latest tech news

Microsoft Releases Emergency Patches for Actively Exploited SharePoint Zero-Days


Microsoft has released emergency security updates for two actively exploited zero-day vulnerabilities in SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, that have compromised servers worldwide in what researchers call "ToolShell" attacks. The U.S. Cybersecurity and Infrastructure Security ...

Microsoft has released emergency security updates for two actively exploited zero-day vulnerabilities in SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, that have compromised servers worldwide in what researchers call "ToolShell" attacks. The U.S. Cybersecurity and Infrastructure Security Agency warned over the weekend that hackers were exploiting the vulnerabilities to gain remote code execution on on-premises SharePoint installations, while Microsoft has not yet provided patches for all affected versions.The vulnerabilities allow hackers to steal private digital keys from SharePoint servers without requiring credentials, enabling them to plant malware and access stored files and data. Eye Security, which first identified the attacks on Saturday, found dozens of actively exploited servers and warned that SharePoint's integration with Outlook, Teams, and OneDrive could enable further network compromise.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of Microsoft

Microsoft

Photo of Days

Days

Photo of Emergency patches

Emergency patches

Related news:

News photo

Microsoft fixes two SharePoint zero-days under attack, but it's not over - how to patch

News photo

Global hack on Microsoft Sharepoint hits U.S., state agencies, researchers say

News photo

Microsoft patches under-attack SharePoint 2019 and SE

« Amazon includes a free $300 gift card when you pre-order the Samsung Galaxy Z Fold 7
I'm a wearables editor and here are the 7 Pixel Watch 4 rumors I'm most curious about »