
Microsoft Releases Urgent Patch to Counter Server Attacks: What To Know
Microsoft has released an emergency security update to address a critical vulnerability in its on-premises SharePoint Server software, following a wave of cyberattacks over the weekend.
The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators.
Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) via email for comment.
Why It Matters
This high-impact breach highlights persistent risks for organizations relying on on-premises SharePoint servers for collaboration and internal document management. Attackers have reportedly bypassed advanced security measures, such as multi-factor authentication (MFA) and single sign-on, gaining privileged access to sensitive U.S. government, educational, health care, and corporate systems.
What To Know
On Sunday, Microsoft released a series of security patches to address the breach, saying that it was "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update."
In a statement on social media, the tech giant said that "Microsoft has released a security update for SharePoint Subscription Edition to mitigate active attacks targeting on-premises servers. SharePoint Online is not affected. Customers should apply the update immediately. We are actively working on updates for SharePoint 2016 and 2019."
A Microsoft office in New York City as seen on June 24, 2025.
Getty Images
The vulnerability, CVE-2025-53770, enables attackers to remotely execute code and bypass traditional defenses. Microsoft's cloud-based SharePoint Online service remains unaffected by these exploits.
Eye Security, a Dutch cybersecurity firm, uncovered the initial compromises after scanning over 8,000 SharePoint servers worldwide, identifying at least 54 organizations, including U.S. federal agencies, banks, and universities, that were breached.
The FBI told Newsweek on Sunday that it is aware of the incidents and is working with federal and private-sector partners to address the threat.
What People Are Saying
Michael Sikorski, CTO and head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek: "If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised at this point. This is a high-severity, high-urgency threat.
"We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response."
The Cybersecurity and Infrastructure Security Agency said on Sunday: "CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations.
"This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network."
What Happens Next
Microsoft is continuing to develop patches for the legacy SharePoint 2016 version, and has advised users to disconnect affected servers from the internet if immediate updates are not available or feasible.
Related Articles


Geek Wire
Microsoft contains SharePoint security wildfire, but questions linger about on-premises software
Editor's note: This is a guest analysis from Christopher Budd, who previously spent a decade at the Microsoft Security Response Center (MSRC).
Emergency security teams know summer weekends are made for work. Last weekend was a reminder of that industry truism with Microsoft's SharePoint vulnerability (CVE-2025-53770).
It's a classic 'remote code execution' vulnerability that only affects on-premises SharePoint servers. It can give an attacker full control over a system without authentication. If you can access the system on the internet, you can attack it and take it over. We saw attackers around the world using it quickly to establish a foothold on vulnerable networks, frequently using webshells like we saw happen with Microsoft Exchange in 2012 and 2022 with the ProxyShell and ProxyNotShell attacks.
The attacks were another classic 'zero day' situation, with a new vulnerability under attack and no patch initially available. This time, Microsoft published information broadly within a day and started releasing patches within two days of the event breaking, a nearly unprecedented speed of response for them. Microsoft execs got the word out with each new development, providing clear, urgent direction.
Certainly, when we look at the response, it was faster and better than we saw with ProxyNotShell. It was another example of Microsoft showing that when it needs to, it can pull out the stops with its security response, much like it did with SolarWinds in December 2020.
Microsoft has also steered clear recently of the kinds of major breaches that plagued the company from March 2022 through January 2024, when corporate and cloud systems were breached by three major threat actor groups (Lapsus$, Storm-0558, Midnight Blizzard).
Taken altogether, we can think of this as a wildfire that was identified and contained relatively quickly. There is damage from it, and teams are coming off (yet another) very long summer weekend. But compared to what this could have been, this situation was merely bad, not awful.
Yet this vulnerability also exposes a fundamental tension: While Microsoft's response was exemplary, the fact that we're still seeing critical zero-day flaws in on-premises products raises questions about where these systems fit in Microsoft's cloud-first, AI-focused future. Where does securing on-premises software like Exchange, SharePoint, and, yes, Windows (which includes Active Directory) get prioritized in the company's Secure Future Initiative?
The well-oiled Patch Tuesday machine that I and others helped build in the early 2000s continues to chug along. But the number of patches continues to increase and the level of innovation and development around Patch Tuesday has generally dropped off in recent years.
As a case in point, Microsoft promised 'no reboot' patches in the late 2000s. I distinctly recall that we promised this as 'coming soon' on the security bulletin webcasts I hosted then. But no-reboot patches never materialized at the time. While Microsoft is delivering on this promise, finally, it has taken more than 15 years, and the company is implementing it in a way that is clearly focused on the enterprise space — at a cost to users and tied to the company's cloud offerings.
In today's cloud-and-AI era, many organizations still rely on on-premises systems like SharePoint for essential operations. Microsoft's swift response to this latest vulnerability proves it can rise to the occasion. But as the company accelerates its cloud-first agenda, it's fair to ask: Will on-premises software receive the same level of care and innovation?
The latest fire may be out, but that burning question remains.


The Verge
Figma's AI app building tool is now available for everyone
Figma Make, the prompt-to-app coding tool that Figma introduced earlier this year, is now available for all users. Similar to AI coding tools like Google's Gemini Code Assist and Microsoft's GitHub Copilot, Figma Make allows users to build working prototypes and apps using natural language descriptions, instead of needing to have innate coding skills.
While Figma initially launched it in beta for 'Full Seat' users — the subscription tier required to unlock all of Figma's design products — Figma Make can now be accessed by all Figma users, with limitations in place depending on the user's subscription plan.
The ability to publish designs created by Figma Make, which is currently still in beta, will be restricted to users with Full Seat access. Users on View, Collab, Dev, and free Starter Seat plans will be limited to experimenting with Figma Make in their personal drafts. That means that all users can at least try a demo of Figma Make, but actually doing anything with those creations will require moving to the most expensive subscription tier.
One advantage that Figma Make notably has over similar app builder coding tools is the ability to include design references. Users can upload an image or Figma design into the tool alongside the description of what they want it to create — an animated music player, for example — to guide how the final results should look. Individual elements like text formatting and font style can then also be adjusted using additional AI prompts or edited manually.
Figma Make is leaving beta alongside other Figma features like the Make and Edit image tool that uses generative AI to create or manipulate images based on text descriptions, and the resolution boosting feature that can be used to improve low-quality images.
Figma is also introducing a new AI credit system that gives users a set number of credits that can be exchanged for using the platform's AI tools, with allocations based on paid membership tiers. Figma says that View, Collab, and Dev Seat users can use AI features with lower credit limits, 'that are subject to change,' while Full Seat users will have unlimited access…for now.
'AI credits are intended to easily cover day-to-day needs for Full seats, but for power users who may need more, team admins will be able to buy additional credits later this year,' Figma said in its announcement. 'Until then, we won't be strictly enforcing credit limits for Full seats.'


CBS News
DHS and HHS among federal agencies hacked in Microsoft SharePoint breach
Washington — Department of Homeland Security headquarters, several of its component agencies and the Department of Health and Human Services have been hacked as part of a wider breach of Microsoft's SharePoint service, according to multiple U.S. officials.
Microsoft confirmed its software was targeted by Chinese actors who deployed ransomware on the file sharing and storage platform. "Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting these vulnerabilities targeting internet-facing SharePoint servers," the company wrote in a blog post earlier this week.
Two sources told CBS News that SharePoint was unavailable for several hours Tuesday for users at the Defense Intelligence Agency. The National Institutes of Health was also impacted by the breach. NIH conducts biomedical research and studies infectious diseases.
A White House official said the White House is "closely monitoring the situation," and that the government "acted very quickly to immediately identify and mitigate this hack." "We are working with all agencies to patch vulnerabilities and mitigate impact," the official said.
DHS spokeswoman Tricia McLaughlin said the Cybersecurity and Infrastructure Security Agency "quickly launched a national coordinated response through an initial alert and two cybersecurity updates" when the vulnerability was detected last Friday.
"CISA has been working around the clock with Microsoft, impacted agencies, and critical infrastructure partners to share actionable information, apply mitigation efforts, implement protective measures, and assess preventative measures to shield from future attacks," McLaughlin said, adding that there is "no evidence of data exfiltration at DHS or any of its components at this time."
Microsoft has issued a software update to patch the vulnerability.
In April, President Trump fired General Timothy Haugh, the head of the National Security Agency and Cyber Command.
Paulina Smolinski contributed to this report.