What to know about a vulnerability being exploited on Microsoft SharePoint servers
The company issued an alert to customers Saturday saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. 'It's a significant vulnerability.'
Companies and government agencies around the world use SharePoint for internal document management, data organisation and collaboration.
A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. 'Zero-day' refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is 'a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.'
Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.
Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to 'bypass future patching.'
Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18.
Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organisations, and does not affect Microsoft's cloud-based SharePoint Online service.
But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors.
'While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, health care including hospitals, and large enterprise companies — are at immediate risk.'
The vulnerability targets SharePoint server software so customers of that product will want to immediately follow Microsoft's guidance to patch their on-site systems.
Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.
'We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available,' Sikorski advises.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
India.com
an hour ago
- India.com
Bad news for employees of Ratan Tata's TCS, Satya Nadella's Microsoft, Intel as they plan to sack 50,000 employees due to...
Narayan Murthy and Late Ratan Tata- File image IT sector layoff: In a significant bad news for the global tech and IT sector and its millions of employees , three industry giants, Intel, Microsoft, and Tata Consultancy Services (TCS) have collectively announced over 50,000 job cuts in just one week. Readers should note that the massive layoffs wave mark one of the most significant employment disruptions in recent memory. Here are all the details you need to know about the massive layoff wave in the IT sector. Which IT jobs are under risk? Driven by the rapid adoption of artificial intelligence and shifting business priorities amid a broader push toward cost optimization, the major IT companies are taking the decision to reduce their workforce. The world already knows that Microsoft is planning to cut around 9,100 jobs globally, primarily targeting its Xbox, software, and cloud divisions as the company pivots more aggressively toward AI and flattens management structures. Which IT companies are firing on mass scale? Another major company, Intel, which is facing profitability pressures, is slashing over 5,000 roles across multiple US states as part of its strategy to become leaner and more agile. In another update, Ratan TCS, which is India's largest IT firm is trimming about 2% of its workforce, which may possibly impact more than 12,000 employees, especially at the mid- and senior levels, as automation. Why are IT companies doing mass-layoff? Experts say that these large-scale layoffs highlight a deeper structural shift across the tech industry, where AI is not just a tool but a trigger for disruption. As the IT companies are prioritizing more and more innovation and efficiency, traditional roles which were done by humans are rapidly being redefined or replacement.
Mint
an hour ago
- Mint
TCS to lay off over 12,000 employees this year; mid, senior level staff to be impacted
New Delhi, Jul 27 (PTI) India's largest IT services firm, Tata Consultancy Services (TCS), is set to lay off about 2 per cent, or 12,261 employees, of its global workforce this year, with the majority of those impacted belonging to middle and senior grades. As of June 30, 2025, TCS's workforce stood at 6,13,069. It increased its workforce by 5,000 employees in the recently concluded April-June quarter. The move is part of the company's broader strategy to become a "future-ready organisation", focusing on investments in technology, AI deployment, market expansion, and workforce realignment, TCS said in a statement. "TCS is on a journey to become a Future-Ready organisation. This includes strategic initiatives on multiple fronts, including investing in new-tech areas, entering new markets, deploying AI at scale for our clients and ourselves, deepening our partnerships, creating next-gen infrastructure, and realigning our workforce model. "Towards this, a number of reskilling and redeployment initiatives have been underway. As part of this journey, we will also be releasing associates from the organisation whose deployment may not be feasible. This will impact about 2 per cent of our global workforce, primarily in the middle and the senior grades, over the course of the year," it said. TCS will provide appropriate benefits, outplacement, counselling, and support to the impacted employees, it added The move comes at a time when India's top IT services companies have delivered single-digit revenue growth in Q1FY26, capping off a somewhat-sobering June quarter as macroeconomic instability and geopolitical tensions weighed on global tech demand and delayed client decision-making. For TCS, the revenue rose 1.3 per cent year-on-year to ₹ 63,437 crore, bottomline improved 5.9 per cent to ₹ 12,760 crore in Q1FY26. TCS MD and Chief Executive K Krithivasan recently said the company is experiencing a "demand contraction" due to the continued uncertainties on the macroeconomic and geopolitical fronts, and added that he does not see a double-digit revenue growth in FY26. Krithivasan explained the delays in decision-making experienced in the preceding quarter have "intensified" now, and hoped for the discretionary spends - a prime mover of revenue growths for IT companies - would return once the uncertainties ebb. Microsoft, the second most valuable publicly listed company after Nvidia globally, has so far laid off over 15,000 employees in 2025, that is 7 per cent of the company's global workforce. In a memo to over 200,000 employees last week, Microsoft CEO Satya Nadella said the layoffs this year have been "weighing heavily" on him. "This is the enigma of success in an industry that has no franchise value,' he said in the memo to staff. He added: "Progress isn't linear. It's dynamic, sometimes dissonant, and always demanding. But it's also a new opportunity for us to shape, lead through, and have greater impact than ever before." According to - a platform that tracks global tech industry layoffs - over 80,000 tech workers have been laid off across 169 tech companies in 2025 alone. In 2024, that number stood at a staggering 1.5 lakh across 551 tech companies - the stark numbers coinciding as much with global macroeconomic woes as with deep debate in tech circles about the impact of AI on job roles, workforce, and employability.
Time of India
2 hours ago
- Time of India
TCS layoffs: What will Tata Consultancy Services do for 12,000 employees it will let go this year? What the IT giant said
TCS layoffs: The move to cut its staff strength also comes at a time when TCS is facing resistance for its changed bench policy. (AI image) TCS layoffs: India's largest IT services exporter, Tata Consultancy Services (TCS), on Sunday announced that it plans to lay off 2% of its workforce over the year. This decision to reduce its employee strength by around 12,000 will impact its global workforce. The IT giant said that the people who will be impacted by the move will mostly fall in the middle to senior management category. Global economic uncertainties and artificial intelligence-driven technological changes are impacting the TCS business operations. At the end of the first quarter of the current financial year, the Tata group subsidiary had a workforce of 613,069 employees. What Does TCS Plan To Do For Employees Who Will Be Laid Off? TCS has said that it will give the appropriate benefits, outplacement, counselling, and support to the impacted employees. According to an ET report, the impacted staff members of TCS will be provided with notice period compensation and severance benefits by the company. Additionally, TCS plans to give insurance coverage extension and career transition assistance to those affected. In an official statement the IT giant said: "TCS is on a journey to become a future-ready organisation… As part of this journey, we will also be releasing associates from the organisation whose deployment may not be feasible. This will impact about 2% of our global workforce, primarily in the middle and the senior grades, over the course of the year." The company further added: "This transition is being planned with due care to ensure there is no impact on service delivery to our clients… We understand that this is a challenging time for our colleagues likely to be affected. We thank them for their service and we will be making all efforts to provide appropriate benefits, outplacement, counselling, and support as they transition to new opportunities." The move to cut its staff strength comes at a time when TCS is facing resistance for its changed bench policy, which now stipulates a maximum of 35 non-project days annually and requires staff to maintain 225 billable days per year. TCS has also recently delayed the onboarding of around 600 experienced lateral entry hires. Global Tech Layoffs Cross 80,000 This Year Data from which monitors global technology sector redundancies, indicates that over 80,000 technology professionals across 169 companies have lost their jobs in 2025, according to a PTI report. Microsoft, which is the world's second most valuable listed company after Nvidia, has dismissed more than 15,000 staff members in 2025, which is 7% of its worldwide workforce. In a recent communication to his workforce of over 2 lakh employees, Microsoft's Chief Executive Officer Satya Nadella expressed his deep concern regarding this year's staff reductions. "This is the enigma of success in an industry that has no franchise value," he said in his message to employees. He continued: "Progress isn't linear. It's dynamic, sometimes dissonant, and always demanding. But it's also a new opportunity for us to shape, lead through, and have greater impact than ever before." 2024 saw approximately 150,000 job losses across 551 technology firms, reflecting both worldwide economic challenges and ongoing discussions within the technology sector regarding AI's influence on employment opportunities, workforce structure, and professional capabilities. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
