Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Cyber Security and Security security researchers say that a newly discovered security error exists in Microsoft’s SharePoint is being attacked.
CISA The alarm appeared at the end of this week The infiltrators were taking advantage of the activity. Microsoft has not made after corrections for all the affected SharePoint versions, leaving customers all over the world unable to defense largely against continuous interventions.
Microsoft said that the error, officially known as the name Cve-2025-53770It affects the SharePoint versions created by companies and managed on their own servers. SharePoint allows companies to store, share and manage their internal files.
Microsoft said it is working on safety reforms to prevent infiltrators from exploiting weakness. The defect, described as “Zero daySince the seller has not given time to correct the error before knowing it, it affects the old program versions such as SharePoint Server 2016.
It was not yet known the number of servers that have been hacked so far, but thousands of small companies are likely to be affected by the program that depend on the program. according to Washington PostSeveral American federal agencies, universities and energy companies have already been violated.
Eye security, which It first revealed the error On Saturday, she said she found “dozens” of Microsoft SharePoint servers effectively at the time of its publication. Upon exploitation, Hackers allows the stealing of the private digital keys from SharePoint servers without the need for any admission data to log in. Once infiltrators enter, infiltrators can grow harmful programs and access files and data stored within them. Eye Security has warned that SharePoint is connected to other applications, such as Outlook, difference, and OneDrive, which may enable more network compromise and data stealing.
Aman Al -Ayoun said because the defect includes stealing digital keys that can be used to impersonate the legitimate requests on the server, and the affected customers must correct errors and take additional steps to rotate their digital keys to prevent infiltrators from reuniting the server.
CISA and others urged customers to “take immediate action.” In the absence of spots or dilution, customers should think about separating systems that are likely to be affected by the Internet.
“If SharePoint (on the Internet) is exposed to the Internet, you should assume that you have been at risk at this stage,” said Michael Sikorski, head of the intelligence department of the threat of Palu Alto 42 networks, in an email to Techcrunch.
Also, it is not yet known to carry out the attacks on SharePoint servers, but they are the latest in a series of electronic attacks targeting Microsoft customers in recent years.
In 2021, a group of China -backed piracy was arrested by Huffhenum, taking advantage of a vulnerability in email servers hosted by Microsoft, with allowing The collective holds, nominating e -mail and communications communications from companies All over the world. The infiltrators exposed more than 60,000 servants, according to The recent indictment of the Ministry of Justice Two Chinese citizens accuse the mastermind of the operation.
Two years later, Microsoft confirmed an electronic attack on its cloud systems, which it runs directly, allowing Chinese infiltrators Sensitive email signature stealing This allowed access to consumer email accounts and institutions hosted by the company.
Microsoft also mentioned Repeated interventions Among the infiltrators associated with the Russian government.
Do you know more about SharePoint attacks? Are you affected? Call safely for this reporter via an encrypted message at Zackwhittaker.1337 to the signal.
I mentioned a previous version of this incorrect CVE number; The story has been modified to notice the correct weakness, CVE-2025-53770.